1 Introduction


1.1 Version Notes 

These are notes to myself as the editor of the document. I will highlight 
changes which actually affect material currently being lectured (or past ma- 
terial), which will of course also be of interest to current students. 

8/11/2016: Corrected some typos in 5.4. Chapter 5 needs considerable 
work, which will happen sometime this fall as I think about teaching 
from this text again in Spring 2017. 

7/22/2016: Substantial revisions of 5.3 and 5.4. 

7/20/2016 added some exercises for my independent study student in sec- 
tion 5.3. Revisions of 5.3 and 5.4 are likely shortly. 

7/12/2016 Introducing a new section on calculator arithmetic as an example 
of construction of a formal language and its semantics. 

6/23/2016: I made minor edits in the second order logic sections and moved 
both of them. They appear together in the type theory section after 
the treatment of relations, as a digression. Inserted lots of page breaks 
for readability. 

3/28/2016: Editing as I prepare for an independent study student (a phi- 
losophy major) in 2016. 

The syllabus for the independent study includes chapter 2 (which is 
review) strengthened with use of my interactive theorem prover Marcel. 
The way that the theorem prover works will be explored later. Section 
2.14 is definitely of interest to a philosophical logician. Section 2 might 
be reviewed quite fast depending on the student’s preparedness. 

Sections 3.1 to 3.9 will be covered. One needs some real grounding in 
elementary set theory to understand what is being done in proving the 
completeness theorem. Section 4.1 and 4.3 will be visited to compare 
elementary untyped set theory with elementary typed set theory. 

Sections 5.1 to 5.4 are the heart of the matter, and may get rewritten 
as we work through them (or new additional notes may be written for 
the independent study to supplement what is given). I have fixed some
typos while editing today. Section 5.5 which does not exist might be
written and taught if we have time; it has a lot of bearing on how the 
theorem prover works. I don’t regard this as likely unless we go quite 
fast. Section 5.6 is of enormous philosophical interest and I would like 
to get to it. 

If we have more time, I might then return to additional set theory 
results in chapter 3 (transfinite arithmetic of cardinals and ordinals,
different sizes of infinity). 

6/15/2015: More editing in response to Adam’s reading.

6/5/2015: Fixed stupid bug in recursion theorem.

6/3/2015: Minor typo corrections and added comments after meeting with
Adam.

4/9/2015: corrected a typo in the ordinal number section.

3/9/2015: Rewrote the exercises on proving that compositions of injections/surjections
are injections/surjections.

2/26/2015: Repairing issues with the Iteration Theorem.

2/23/2015: Correcting a silly error in the new material added 2/18.

2/18/2015: Corrected an error in the Axiom of Ordered Pairs. Added
motivational false starts to the proof that the Axiom of Infinity is
equivalent to Peano axiom 4.

1/30/2015: Minor changes made after my reading with my student today.
Some expansion of the motive for not adopting strong extensionality;
power set might not be the only type constructor, as it were. The later
treatment of the ordered pair as a primitive construction goes along
with this.

1/27/2015: More editing - I read through the section on the construction
of the reals. Enough howlers corrected that I think I ought to post this 
as the official version. 





1/26/2015: Cloning the document for my independent study student. Changes
made here may or may not go to the main document eventually. Note
that I added some language from the latest manual of logical style to
the first part, and also I added the manual itself as an appendix.

4/5/2013: Considering subversive language about second-order logic. Where
to put it?

I added a couple of sections with musings about second order logic.
They are probably not in the right places, but they might be modified 
to fit where they are or moved to better locations. 

November 30, 2012: reading this and preparing updates as part of my 
sabbatical work. Noted the requests in the text for elementary results 
about Boolean algebra and applications in ordinary mathematics of 
Zorn’s lemma. 

I have written a section defining NFU and proving its consistency and
am now working on a section investigating the mathematics of NFU 
(meaning its mathematical power over and above what it inherits from 
TSTU). This section mentions the fact that we can bootstrap from 
TSTU foundations to NFU foundations (not via Zermelo-style set the- 
ory). 

June 7, 2011: Finished reading through the document preparatory to ex- 
tending it. Minor typos corrected. 

Material about ultrafilters and ultrapowers added. 

June 6, 2011: I am going to work on filling this out this summer.

This text needs insertions about Marcel if it is to be used with it. 

First decision: insert the use of the absurd $\bot$.

p. 40 note on elementary theorems about set operations should be 
cashed out. p. 116 note on general applications of Zorn’s Lemma 
should be cashed out 

July 19, 2008: Considerably modified the outline of the book. The alter- 
native set theories to be covered are restricted to the stratified theories 
with universal set. The basic results on ambiguity are present in draft 
(the cases of theories with unbounded and bounded types are treated 
differently), [this was actually done before July 19 but I didn’t update
the version notes or post to the web]. 

Added material on forcing in type theory. Note that I have basic con- 
structions for consistency and independence set up in the outline in to 
be in the first instance in type theory rather than in either untyped or 
stratified theories. My foundation for mathematics as far as possible is 
in TSTU here, not in either ZFC or NFU. 

July 14, 2008: Massively rewrote the outline of the unrealized last section 
on stratified set theories. 

I saved the previous version as proofsetslogicjuly14.tex then did major
surgery on section 4. 

The section now contains an initial account of Zermelo’s axioms in 
their original form, followed by a justification of the axioms in terms 
of an interpretation in the theory of set pictures in type theory (which 
immediately precedes it in the text), together with the observation 
that the Axiom of Rank holds in this interpretation. After that comes 
a new section on implementation of mathematical concepts in Zermelo 
set theory with the Axiom of Rank. The Scott trick is introduced; the 
von Neumann definitions are also given. 

Material in the old version about an axiomatic cumulative type theory 
is removed. There may still be unintelligible references to it which need 
to be removed. Some older material which still seems useful is retained, 
but there is now a fair amount of redundancy and rearrangements of 
the material will surely be needed. 

Some comments: I may want to do some forcing and some Fraenkel-
Mostowski methods in type theory. It is useful to be able to do basic
consistency and independence results in the basic foundational theory, 
and it may make it easier to follow the development in NFU or NF. 
Definitely introduce TNTU (and TNT specifically) as examples in the 
logic section. Methods in type theory which are portable to NF(U) are 
neatly summarized as those which work in TNT (don’t do recursive 
constructions on types; keep things ambiguous). Something about my 
reservations about ZFC would not be out of place here somewhere. 

July 13, 2008: Filled in lots of proofs in the section on well-founded exten- 
sional relations. Cleaned up various errors and infelicities. My proof of 
extensional collapse is not ideal (I should say something better about
uniqueness).

Correcting an omission in the definition of “membership” E for weak 
membership diagrams. I didn’t provide an implementation of atoms
in weak set pictures: double singletons of the atoms of the original 
relations work smoothly (and preserve the basic theorems) but one 
needs to modify the definitions of weak set picture and of the relation 
E on weak set pictures. 

July 12, 2009: I cleaned up the section on isomorphism types of well-
founded extensional relations (it is now a single section, not Old Ver- 
sion and New Version). Some of the stated Theorems will have proofs 
added (some of the proofs were present in versions now erased). The 
new development has the nice (and unexpected) feature that it supports 
development of ZFA (or more accurately Mac Lane with atoms) essen- 
tially as smoothly as it supports extensional Mac Lane, which is very 
convenient given our philosophical commitment to weak extensionality 
already stated. This section needs to be fleshed out (with proofs and 
perhaps additional discussion and examples) then the following Section 
4 on untyped set theory needs to be passed through with the idea that 
its relation to the theory of well-founded extensional relations should 
be exploited at every turn. 

Notice that the admission of urelements gets even stronger positive 
press because it prevents the truncation of the construction of the cu- 
mulative hierarchy of isomorphism types of well-founded extensional 
relations (the world of the usual set theory). 

Further, it is interesting to note that the von Neumann definition of 
ordinal numbers is entirely natural if the world of untyped set theory 
is viewed as being constructed from the isomorphism types of well- 
founded extensional relations. The von Neumann naturals (as untyped 
sets) are the isomorphism classes of strict well-orderings. This gets 
scrambled a bit when one passes to NFU, but this is also instructive: 
the ordinals of untyped set theory are restricted to the standard world 
in a way that the ordinals of NFU are not. 

I think I might want to put a section on independence of the Axiom
of Choice from type theory in the first part. That would also provide
a natural platform for cautions about the difference between choice-
ful and choice-free mathematics, which are needed if we are finally to
discuss the weirdness of NF intelligibly. 

July 10, 2009: Continuing to work. Added characterization of the order 
type of the rationals. Added Hartogs and Sierpinski theorems. Those 
might need some cleanup. Tried to tighten up the discussion which 
motivates TSTU by consideration of one’s desire to be able to extend 
the D operation. It is certainly a valid point which is being made, but 
I would like to say it neatly. It is nice to get to it before one tries 
to construct NF(U); thus one does not naturally wander into the NF 
problem. 

July 9, 2009: I am editing the text again, much later, with an eye to start- 
ing the addition of the last section(s) in which NFU and related issues 
will make their appearance. Since I am no longer addressing current 
students as readers, I erased the old version notes. 

Recent changes: I eliminated many but not all notes introduced by 
“NOTE:” in the text (notably ones that had actually already been 
dealt with). I cleaned up the format of definitions through a large 
part of the document. I made superscripts indicating iteration of type- 
shifting operations boldface, like type indices, though I am not sure 
that this was appropriate in all parts of the text. 

I wonder if there is a place (perhaps in the development of Zermelo 
set theory) to note the complication of the ADT of the ordered pair 
revealed by Adrian Mathias. In the type theory section there is no 
reason to bring this up: any list constructor IS an ordered-pair-for- 
building-relations in type theory. Maybe that is an observation worth 
making too. 

The discussion of well-founded extensional relations needs to be pol- 
ished up and unified and at least the option of using it to introduce 
untyped set theory needs to be clearly indicated. 

I might want to give a more thorough discussion of the intrinsic math- 
ematical reasons to prefer TSTU over TST which are revealed in the 
theory of cardinal number before NFU is ever considered. These are 
laid out: the point is that quite reasonable views about the ability to 
iterate the exp operation on cardinals are not supported in TST. TSTU 
neatly solves the problem. In fact, there might be a more general thing
worth saying: any construction we can define in type theory building 
on top of type 0 we probably ought to be able to copy down into urele- 
ments of type 1. So the rate at which the types increase in size should 
exceed anything we can define. Ideas for reflection principles naturally 
follow. 

I should look at the logical material for my recent M387 and see if some 
of it has a place here. 

1.2 Introductory Remarks 

This is being written as a textbook for Math 502, Logic and Set Theory, at 
Boise State University, on the practical level. 1 

On the Platonic level, this is intended to communicate something about 
proof, sets, and logic. It is about the foundations of mathematics, a sub- 
ject which results when mathematicians examine the subject matter and the 
practice of their own subject very carefully. 

The “proof” part refers to an informal discussion of mathematical prac- 
tice (not all that informal) which will serve as a springboard for the “logic” 
component. It also introduces formal notation for logic. 

The “sets” part refers to a careful development of mathematical ontology 
(a fancy word for “what are we talking about”?): familiar mathematical 
concepts are analyzed in terms of the fundamental concept of a set. This 
section gives us an opportunity to practice the proof skills of which section 
1 provides an overview. A distinctive feature of our development is that we 
first develop basic concepts of set theory in a typed theory of sets, then make 
the transition to the more usual untyped set theory in a separate section. 

The “logic” part refers to a much more formal discussion of how we prove 
things, which requires both the “proof” and “sets” components to work prop- 
erly, and in which bits of language (sentences and noun phrases) and proofs 
are actually mathematical objects. 

All of this is supported by some software: the formal logic introduced 
in section 5 (and one of the alternative set theories introduced in section 6) 
are the logic of our sequent theorem prover Marcel, to which we will have
occasion to refer, and which will be used for some lab exercises. We hope to
find that experience with Marcel will assist the learning of formal logic.

1 The document is being used for an upper division undergraduate independent study in
2015, motivating the current edits.

The final section on alternative set theories will probably not be reached 
in the course (or in a first course, at any rate) but has some bearing on other 
ways we could get from type theory to set theory and on the way set theory 
is implemented in Marcel. 
2 Proof


In this section we discuss how we make “formal proofs” (really, as we will 
see in the Logic section, rather informal proofs) in English, augmented with 
formal notation. 

Our framework is this. We will identify basic logical structures of state- 
ments. Statements have two fundamental roles in proofs which need to be 
carefully distinguished: there are statements which we are trying to deduce 
from our current assumptions, which we will call “goals”, and there are statements
already assumed or deduced from the current assumptions which we
are allowed to use, which we will call “posits”. The reason we call these last 
“posits” instead of something like “theorems” or “conclusions” is that posits 
may be consequences of statements which we have only assumed for the sake 
of argument: a posit is not necessarily a theorem. For each basic logical 
structure, we will indicate strategies for deducing a goal of that form (from 
the currently given posits) and strategies for using a posit of that logical form 
to deduce further consequences. Further, we will supply formal notation for 
each of the basic logical structures, and we will say something about the quite 
different English forms which statements of the same underlying logical form 
may take. 

It is useful to note that my use of the word “posit” is eccentric; this is not 
standard terminology. We can adopt as a posit any current assumption, any 
previously proved theorem, or anything which follows logically from current 
assumptions and theorems. We allow use of “posit” as a verb: when we 
adopt A as a posit, we posit A (to posit is either to assume for the sake of 
argument or to deduce from previous posits). 

We are trying to say carefully “deduce” rather than “prove” most of 
the time: what we can prove is what we can deduce without making any 
assumptions for the sake of argument. 

2.1 Basic Sentences 

Mathematical sentences (being sentences of natural language) have subjects, 
verbs and objects. Sentences in formal mathematical language have similar 
characteristics. A typical mathematical sentence already familiar to you is 
x < y (though we will see below that we will usually call this particular 
(grammatical) sentence a “formula” and not a “sentence” when we are being 
technical). Here x and y are noun phrases (the use of letters in mathematical 
notation is most analogous to the use of pronouns in English, except that for
precision of reference mathematical language has a lot more of them). < is the
verb, in this case a transitive verb with subject and object. In the parlance of
mathematical logic, a transitive verb is called a “binary predicate”. Another
typical kind of mathematical sentence is “x is prime”. Here the verb phrase
“is prime” is viewed as an intransitive verb (we don’t distinguish between 
adjectives and intransitive verbs as English does). We can’t think of examples 
of the use of intransitive verbs in mathematical English, though we are sure 
that they do exist. An adjective or intransitive verb is a “unary predicate” 
in mathematical logic. Two commonly used words in mathematical logic 
which have grammatical meanings are “term” and “formula”: a “term” is 
a noun phrase (for the moment, the only terms we have are variables, but 
more term constructions will be introduced as we go on) and a “formula” 
is a sentence in the grammatical sense (“sentence” in mathematical logic is 
usually reserved for formulas not containing essential references to variables: 
so for example x < y is a formula and not (in the technical sense) a sentence, 
because its meaning depends on the reference chosen for x and y, while 2 < 3 
is a formula and a sentence (no variables) and $(\exists x.\, x < 2)$ is a formula and a
sentence (the x is a dummy variable here)). What we call “basic sentences”
(using terminology from grammar) in the title of this section will really be 
called “atomic formulas” hereinafter. 

The English word “is” is tricky. In addition to its purely formal use in 
“x is prime”, converting an adjective to a verb phrase, it is also used as a
genuine transitive verb in formulas like “x is the square of y”, written $x = y^2$
in mathematical language. The = of equality is a transitive verb (as far as 
we are concerned: it is not treated the same by English grammar) and also 
part of our basic logical machinery. 

The English word “is” may signal the presence of another binary predicate.
A formula like “x is a real number” may translate to $x \in \mathbb{R}$, where $\in$ is
the predicate of membership and $\mathbb{R}$ is the name of the set of all real numbers.
For that matter, the formula “x is prime” could be read $x \in P$ where P is
here supposed to be the set of all prime numbers.

In our formal language, we use lower case letters as variables (pronouns). 
There will be much more on the care and feeding of variables later on. Some 
special names for specific objects will be introduced as we go on (and in 
some contexts lower case letters (usually from the beginning of the alphabet) 
may be understood as names (constants)). Capital letters will be used for 
predicates. P(x) (“x is P”) is the form of the unary predicate formula.
x R y is the form of the binary predicate formula. Predicates of higher arity
could be considered but are not actually needed: a ternary predicate formula
might be written P(x,y,z). The specific binary predicates of equality and
membership are provided: $x = y$, $x \in y$ are sample formulas. Much more
will be heard of these predicates later. 

We will have another use for capital letters, mostly if not entirely in this 
Proof part: we will also use them as variables standing for sentences. We 
use variables A, B, C for completely arbitrary sentences (which may in fact 
have complex internal structure). We use variables P, Q, R for propositions 
with no internal structure (atomic formulas). Once we get to the sections 
on set theory we will once again allow the use of capital letters as variables 
representing objects (usually sets). 

2.2 Conjunction 

This brief section will review the mathematical uses of the simple English 
word “and”. The use of “and” as a conjunction to link sentences is what is 
considered here. If S is “snow is white” and G is “grass is green”, we all 
know what “snow is white and grass is green” means, and we formally write 
$S \wedge G$.

Certain English uses of “and” are excluded. The use of “and” to link noun 
phrases as in “John and Mary like chocolate” is not supported in mathemat- 
ical language. This use does have a close connection to the logical “and”: 
the sentence is equivalent to “John likes chocolate and Mary likes chocolate”.
One should further be warned that there is a further complex of uses
of “and”: “John and Mary went out together” does not admit the logical
analysis just given, nor (probably) does “John and Mary moved the half-ton
safe”. There is an example of the nonlogical use of “and” in mathematical
parlance: there is a strong temptation to say that the union of two sets a and
b, $a \cup b$, consists of “the elements of a and the elements of b”. But $x \in a \cup b$
is true just in case $x \in a$ or $x \in b$. Another example of a use of “and” which
is not a use of $\wedge$ is found in “x and y are relatively prime”.

We note and will use the common mathematical convention whereby
$t\,R\,u\,S\,v$ is read $t\,R\,u \wedge u\,S\,v$, as in common expressions like x = y = z
or 2 < 3 < 4. This chaining can be iterated:

$$t_0\,R_1\,t_1\,R_2\,t_2 \ldots t_{n-1}\,R_n\,t_n$$

can be read

$$t_0\,R_1\,t_1 \wedge t_1\,R_2\,t_2 \wedge \ldots \wedge t_{n-1}\,R_n\,t_n.$$

Proof Strategy: To deduce a goal of the form $A \wedge B$, first deduce the goal
A, then deduce the goal B.

This rule can be presented as a rule of inference

$$\begin{array}{c} A \\ B \\ \hline A \wedge B \end{array}$$

We call this rule conjunction introduction if a name is needed. 

If you have posited (assumed or deduced from current assumptions)
$A \wedge B$, then you may deduce A and you may deduce B.

This can be summarized in two rules of inference:

$$\begin{array}{c} A \wedge B \\ \hline A \end{array}$$

$$\begin{array}{c} A \wedge B \\ \hline B \end{array}$$

We call this rule simplification if a name is needed.

The operation on propositions represented by $\wedge$ is called conjunction:
this is related to but should not be confused with the grammatical use of 
“conjunction” for all members of the part of speech to which “and” belongs. 

2.3 Disjunction 

This subsection is about the English word “or”.

Again, we only consider “or” in its role as a conjunction linking sentences; 
the use of “or” in English to construct noun phrases has no analogue in our 
formal language. 

When we say “A or B” in mathematics, we mean that A is true or B 
is true or both. Here we draw a distinction between senses of the word 
“or” which is also made formally by lawyers: our mathematical “or” is the 
“and/or” of legal documents. The (presumably) exclusive or of “You may
have chocolate ice cream or you may have vanilla ice cream” is also a logical 
operation of some interest but it is not yet introduced here. 

We write “A or B” as $A \vee B$, where A and B are sentences.

Proof Strategy: To deduce a goal $A \vee B$, deduce A. To deduce a goal
$A \vee B$, deduce B. These are two different strategies.

This can also be presented as a rule of inference, which comes in two
different versions.

$$\begin{array}{c} A \\ \hline A \vee B \end{array}$$

$$\begin{array}{c} B \\ \hline A \vee B \end{array}$$

The rule is called addition if a name is needed. 

We will see below that two more powerful strategies exist (generalizing
these two): To deduce a goal $A \vee B$, assume $\neg A$ (“not A”) and deduce
B. To deduce a goal $A \vee B$, assume $\neg B$ and deduce A. We call both
of these rules disjunction introduction.

For a fuller discussion of this kind of proof strategy which involves 
the introduction of an additional assumption, see the subsection on 
implication below (and for more about negation see the section on 
negation below). 

To use a posit $A \vee B$ (assumed or deduced from the current assumptions)
to deduce a conclusion G, we use the strategy of proof by cases: first
deduce G from the current assumptions with A replacing $A \vee B$, then
deduce G from the current assumptions with B replacing $A \vee B$ [both
of these proofs are needed].

The operation on propositions represented by $\vee$ is called disjunction.

2.4 Implication 

The sentences “if A, then B”, “B if A”, “(that) A (is true) implies (that)
B (is true)” all stand for the same logical construction. Other, specifically
mathematical forms of the same construction are “(that) A (is true) is sufficient
for B (to be true)” and “(that) B (is true) is necessary for A (to
be true)”. We provide optional padding phrases in parentheses which are
needed in formal English because a proposition cannot grammatically live in
the place of a noun phrase in an English sentence. Our formal notation for
any of these is $A \rightarrow B$.

Don’t spend a lot of time worrying about “necessary” vs. “sufficient” 
for purposes of reading this text - I only occasionally use them. But other 
writers use them more often; if you are going to read a lot of mathematics 
you need to know this vocabulary.

It is important to notice that unlike previous constructions this one is not 
symmetrical: “if A, then B” is not equivalent to “if B, then A”.

Proof Strategy: To deduce a goal $A \rightarrow B$, assume A (along with any other
assumptions or previously deduced results already given in the context)
and deduce the goal B. Once the goal B is proved, one withdraws the 
assumption that A and all consequences deduced from it (it is local 
to this part of the proof). The same remarks apply to the negative 
assumptions introduced in the more general strategy for proving dis- 
junctions indicated above. 

We call this rule deduction. 

An alternative strategy for proving $A \rightarrow B$ (called “proving the contrapositive”)
is justified in the section on negation: assume $\neg B$ and
adopt $\neg A$ as the new goal.

A posit of the form $A \rightarrow B$ is used together with other posits: if we
have posited $A \rightarrow B$ and we have also posited A, we can deduce B (this
rule has the classical name modus ponens). We will see below that we
can use posits $A \rightarrow B$ and $\neg B$ to deduce $\neg A$ as well (the rule of modus
tollens).

Another way to think of this: if we have a posit $A \rightarrow B$ we can then
introduce a new goal A, and once this goal is proved we can deduce
the further conclusion B. [or, following the pattern of modus tollens,
we can introduce a new goal $\neg B$, and once this goal is proved we can
deduce $\neg A$].

The operation on propositions represented by $\rightarrow$ is called implication.

The additional strategies indicated in this section and the section on
disjunction which involve negation ($\neg$) will be further discussed in the section
on negation below. 

2.5 Biconditional and Exclusive Or 

When we say “A if and only if B”, “A (being true) is equivalent to B (being
true)”, “A exactly if B”, or similar things we are saying that A and B are
basically the same statement. Formal notation for this is $A \leftrightarrow B$. We have
often used $\equiv$ for this operator elsewhere, and the notation of Marcel (==) is
motivated by this alternative notation. “A iff B” is a learned abbreviation
for “A if and only if B” which is used in mathematical English.

Proof Strategy: To deduce a goal of the form $A \leftrightarrow B$, deduce $A \rightarrow B$ and
deduce $B \rightarrow A$. Since there are at least two strategies for deducing
these implications, there are a number of ways to structure the proof. 

One can use a posit of the form $A \leftrightarrow B$ in a number of ways. From
posits $A \leftrightarrow B$ and A, we can deduce B; from posits $A \leftrightarrow B$ and B we
can deduce A. More powerfully, if we have posits $A \leftrightarrow B$ and some
complex C[A], we can deduce C[B] (simply replace occurrences of A
with B) or symmetrically from posits $A \leftrightarrow B$ and C[B] we can deduce
C[A].

The operation represented by $\leftrightarrow$ is called the biconditional.

We note without pursuing the details at this point that $A \not\leftrightarrow B$ (another
commonly used notation is $A \oplus B$) is our notation for the “exclusive or”: A
or B is true but not both. 

A common format for a theorem is to give a list of statements and as- 
sert that all of them are equivalent. A strategy for proving that statements 
$A_1, \ldots, A_n$ are equivalent is to show that $A_i \rightarrow A_{i+1 \bmod n}$, for each appropriate
i (showing that each statement implies the next in a cycle). In a theorem of 
this type several linked cycles may be present. 

We note that $(A \leftrightarrow B) \leftrightarrow C$ is equivalent to $A \leftrightarrow (B \leftrightarrow C)$ but not
equivalent to $(A \leftrightarrow B) \wedge (B \leftrightarrow C)$ (there is an exercise about this later).

2.6 Negation and Indirect Proof 

It is common to say that the logical operation of negation (the formal notation 
is $\neg A$) means “not A”. But “not A” is not necessarily an English sentence
if A is an English sentence. A locution that works is “It is not the case that
A”, but we do not in fact usually say this in either everyday or mathematical
English. 

“Not snow is white” is ungrammatical; “It is not the case that snow is 
white” is pedantic; “Snow isn’t white” is what we say. If R is a relation 
symbol, we will often introduce a new relation symbol $\not R$ and let $x \not R\, y$ be
synonymous with $\neg\, x\,R\,y$. The use of $\neq$ and $\notin$ should already be familiar to
the reader. 

We do not as a rule negate complex sentences in English. It is possible 
to say “It is not the case that both A and B are true” but this is only a 
formal possibility: what we would really say is “A is false or B is false”. It
is possible to say “It is not the case that either A or B is true” but this is
also only a formal possibility: what we would really say is “A is false and B
is false”. The logical facts underlying these locutions are the identities

$$\neg(A \wedge B) \leftrightarrow (\neg A \vee \neg B)$$

and

$$\neg(A \vee B) \leftrightarrow (\neg A \wedge \neg B),$$

which are known as de Morgan’s laws. It is pure common sense that we do 
not need to say “It is not the case that it is not the case that A”, when we can
so easily say A (the principle of double negation $\neg\neg A \leftrightarrow A$).
$\neg(A \rightarrow B) \leftrightarrow A \wedge \neg B$ and $\neg(A \leftrightarrow B) \leftrightarrow (A \not\leftrightarrow B)$ might require a little thought. The
former is best approached via the equivalence of $A \rightarrow B$ and $\neg A \vee B$ (which
might itself require thought); the result about the negation of $A \rightarrow B$ then
follows from de Morgan’s laws and double negation. Do please note that 
we do not here authorize the use of these equivalences as proof strategies 
(without proof): they are mentioned here only as part of our discussion of 
the rhetoric of negation in mathematical English! 

A statement of the form $A \wedge \neg A$ is called a contradiction. It is clear
that such statements are always false. It is a logical truth that $A \vee \neg A$
is always true (this is called the law of excluded middle).

We introduce the notation $\bot$ for a fixed false statement, which we may
call “the absurd”.

Proof Strategies: 

1: To deduce a goal of the form $\neg A$, add A to your assumptions and
deduce $\bot$, the absurd statement. Notice that we will certainly
withdraw the assumption A when this proof is done! We call this
rule negation introduction.

2: From A and $\neg A$, deduce $\bot$. The only way to deduce the absurd is
from a contradiction. We call this rule contradiction.

3: From $\neg\neg A$, deduce A. Otherwise, one can only use a negative
hypothesis if the current goal is $\bot$: if we have a posit $\neg A$, use it
by adopting A as a goal (“for the sake of a contradiction”, so that $\bot$
can be deduced). We call this rule double negation elimination.

The first strategy above is not the notorious technique of “proof by
contradiction”: it is the direct strategy for proving a negative sentence. The
strategy of proof by contradiction differs from all our other techniques in
being applicable to sentences of any form.

Proof by Contradiction: To deduce any goal A at all, assume $\neg A$ and
reason to $\bot$ (by reasoning to a contradiction). Notice that this is the
same as a direct proof of the goal $\neg\neg A$. Our formal name for this rule
is the classical reductio ad absurdum, since we have a rule above called
“contradiction”.

Principle of Double Negation: $\neg\neg P \leftrightarrow P$

Proof: Part 1 of the proof requires us to deduce P given the assumption
$\neg\neg P$: this is given as a basic proof step above. Part 2 requires us
to deduce $\neg\neg P$ given the assumption P: to do this, assume $\neg P$ and
deduce $\bot$: but this is immediate as we have already assumed P. The
proof is complete.

In later parts of the book we will not usually mention $\bot$, so the strategy
for proving $\neg A$ will generally be to deduce some contradiction
$B \wedge \neg B$ from A (from which the further deduction of $\bot$ is
immediate), and the strategy of proof by contradiction of A will be to deduce
some contradiction $B \wedge \neg B$ from $\neg A$ (thus the name).

We prove that $P \to Q$ is equivalent to $\neg Q \to \neg P$. This will give
our first extended example of the proof techniques we are advertising.

Contrapositives Theorem: $(P \to Q) \leftrightarrow (\neg Q \to \neg P)$

Proof: This breaks into two subgoals: Goal 1 is to prove
$(P \to Q) \to (\neg Q \to \neg P)$ and Goal 2 is to prove
$(\neg Q \to \neg P) \to (P \to Q)$.

We prove Goal 1: $(P \to Q) \to (\neg Q \to \neg P)$.

This goal is an implication, so we assume for the sake of argument that
$P \to Q$: our new goal is $\neg Q \to \neg P$.

The new goal is also an implication, so we assume $\neg Q$ and have our
latest goal as $\neg P$.

To deduce $\neg P$ we need to assume P and deduce $\bot$. We duly assume
P. We have already assumed $P \to Q$, so modus ponens allows us to
conclude Q. We have already assumed $\neg Q$, so we can conclude $\bot$,
which is the goal, which allows us to complete the deduction of our
latest goal $\neg P$, and so of the intermediate goal $\neg Q \to \neg P$ and
so of Goal 1.

Goal 2 remains to be proved: $(\neg Q \to \neg P) \to (P \to Q)$. To prove
this we need to assume $(\neg Q \to \neg P)$ and deduce an intermediate goal
$P \to Q$. To deduce this goal, we need to assume P and deduce a second
intermediate goal Q. To prove Q, we assume $\neg Q$ and take as our final
intermediate goal $\bot$ (this is proof by contradiction). From $\neg Q$ and the
earlier assumption $\neg Q \to \neg P$ we can conclude $\neg P$ by modus ponens.
From the earlier assumption P and the recently proved $\neg P$ we conclude
$\bot$, completing the deductions of all outstanding goals and the proof of
the entire theorem.

Notice that we could replace the propositional letters P and Q with any
statements A and B, however complex, and the proof above would still work:
we have actually proved $(A \to B) \leftrightarrow (\neg B \to \neg A)$. This
kind of generalization is the subject of a subsection below.

This justifies proof strategies we have already signalled above. 

Proof Strategy: To prove a statement $A \to B$, we can aim instead for the
equivalent $\neg B \to \neg A$: assume $\neg B$ and take $\neg A$ as our new
goal. This is called “proving the contrapositive”.

If we have posited both $A \to B$ and $\neg B$, then replacing the implication
with the equivalent $\neg B \to \neg A$ and applying modus ponens allows us
to conclude $\neg A$. The rule “From $A \to B$ and $\neg B$, conclude $\neg A$”
is called modus tollens, and we have justified it.

We prove another theorem which justifies some additional proof strategies 
involving disjunction. 

Theorem: $P \vee Q \leftrightarrow \neg P \to Q$

Corollary: $P \vee Q \leftrightarrow \neg Q \to P$. This follows from the
theorem by equivalence of implications with their contrapositives and double
negation.

Proof of Theorem: For part 1 of the proof, we assume $P \vee Q$ and deduce
Goal 1: $\neg P \to Q$. The form of the posit suggests a proof by cases.

Case 1: We assume P. We prove the contrapositive of Goal 1: we
assume $\neg Q$ and our goal is $\neg\neg P$. To prove $\neg\neg P$, we assume
$\neg P$ and our goal is $\bot$, which is immediate as we have already posited
P. This completes the proof of case 1.

Case 2: We assume Q. To prove the goal $\neg P \to Q$, we assume $\neg P$
and our new goal is Q. But we have already posited Q so we are
done.

For part 2 of the proof, we assume $\neg P \to Q$ and deduce $P \vee Q$. We
prove the goal by contradiction: we assume $\neg(P \vee Q)$ and take $\bot$ as
our goal. We do this by proving P then proving $\neg P$. Our first goal
is P, which we prove by contradiction: assume $\neg P$; by modus ponens
Q follows, from which we can deduce $P \vee Q$, from which with our
assumption $\neg(P \vee Q)$ we can deduce $\bot$, completing the proof of P by
contradiction. Our second goal is $\neg P$: to prove this we assume P and
take $\bot$ as our goal; from the assumption P we can deduce $P \vee Q$ from
which with our assumption $\neg(P \vee Q)$ we can deduce $\bot$; this completes
the proof of $\neg P$, which completes the proof by contradiction of $P \vee Q$.

Since the implications in both directions have been proved, the proof 
of the Theorem is complete. 

The Theorem directly justifies the more general proof strategies for
disjunction involving negative hypotheses given above.

Proof Strategy: To deduce the goal $A \vee B$, assume $\neg A$ and deduce B:
this is valid because it is a proof of the equivalent implication
$\neg A \to B$. Alternatively, assume $\neg B$ and deduce A: this is a proof of
the equivalent $\neg B \to A$. These rules are called disjunction introduction.

If we have posits $A \vee B$ and $\neg A$, we can draw the conclusion B, by
converting $A \vee B$ to the equivalent $\neg A \to B$ and applying modus
ponens.

Symmetrically, if we have posits $A \vee B$ and $\neg B$, we can deduce A.
The latter two rules are called disjunctive syllogism.

A perhaps shocking result is that anything at all follows from $\bot$, and so
from any contradiction.

Theorem: $\bot \to B$

Proof: Assume $\bot$, and our goal becomes B. We prove B by contradiction,
that is, assume $\neg B$ and take $\bot$ as our new goal. The new goal is already
met by our initial assumption, so the proof is complete.

Theorem: $A \wedge \neg A \to B$

Proof: Assume $A \wedge \neg A$, and take B as our new goal. From
$A \wedge \neg A$, we deduce A and we deduce $\neg A$, and from these we deduce
$\bot$. $\bot \to B$ is true by the previous theorem, and B follows by modus
ponens.

The operation represented by $\neg$ is called negation.

2.7 Generality and the Rule of Substitution 

A propositional letter P reveals nothing about the structure of the statement 
it denotes. This means that any argument that shows that certain hypotheses 
(possibly involving P) imply a certain conclusion A (possibly involving P) 
will remain valid if all occurrences of the propositional letter P in the entire 
context are replaced with any fixed statement B (which may be logically 
complex).

Denote the result of replacing P with B in A by $A[B/P]$. Extend this
notation to sets T: $T[B/P] = \{A[B/P] \mid A \in T\}$.

The rule of substitution for propositional logic can then be stated as

If we can deduce A from a set of assumptions T, P is a propositional letter
and B is any proposition (possibly complex), then we can deduce $A[B/P]$
from the assumptions $T[B/P]$.

Using the substitution notation, the strongest rules for the biconditional
can be stated as

“from $A \leftrightarrow B$ and $C[B/P]$, deduce $C[A/P]$.”

“from $A \leftrightarrow B$ and $C[A/P]$, deduce $C[B/P]$.”

2.8 Note on Order of Operations 

The statements “A and either B or C” and “Either A and B, or C” (which
can formally be written $A \wedge (B \vee C)$ and $(A \wedge B) \vee C$) do
not have the same meaning. Making such grouping distinctions in English is
awkward; in our notation we have the advantage of the mathematical device of
parentheses.

To avoid having to write all parentheses in order to make the meaning
of a statement clear, we stipulate that just as multiplication is carried out
before addition when parentheses do not direct us to do otherwise, we carry
out $\neg$ first, then $\wedge$, then $\vee$, then $\to$, then $\leftrightarrow$
or $\not\leftrightarrow$. When a list of operations at the same level are
presented, we group to the right: $P \to Q \to R$ means $P \to (Q \to R)$. In
fact, this only makes a difference for $\to$, as all the other basic operations
are associative (including $\leftrightarrow$ and $\not\leftrightarrow$: check
it out!).

There is a temptation to allow $A \leftrightarrow B \leftrightarrow C$ to mean
$(A \leftrightarrow B) \wedge (B \leftrightarrow C)$ by forbidding the omission
of parentheses in expressions $A \leftrightarrow (B \leftrightarrow C)$ and
$(A \leftrightarrow B) \leftrightarrow C$. We resist this temptation.

2.9 Quantifiers 

In this section, we go beyond propositional logic to what is variously called 
first-order logic, predicate logic, or the logic of quantifiers. In any event, as 
in the propositional logic section, we are not talking about a formal system, 
though we will introduce some formal notations: we are talking about kinds 
of statement which appear in informal mathematical argument in natural 
language. 

We denote an arbitrary complex statement, presumably involving the
variable x, by the notation A[x]. We do not write A(x) because this is our
notation for a unary predicate sentence in which A stands for some definite
unary predicate: a sentence of the form A(x) has the exact form of a predicate
being asserted of x while a sentence of the form A[x] could be any sentence
that presumably mentions x (so x = x is of the form A[x] but not of the
form A(x); a sentence like Nat(x) (meaning “x is a natural number”) would
be an example of the first form). A related notation is A[t/x], the result of
replacing the variable x in the proposition A with the term t (which may be
a complex name rather than simply a variable). If we denote a formula A by
the notation A[x] then for any term t we use the notation A[t] to represent
A[t/x].²

The two kinds of statement we consider can be written “for all x, A[x]”
(formulas with a universal quantifier) and “for some x, A[x]”, which is also
often written “there exists x such that A[x]” (which is why such formulas
are said to have an existential quantifier). This language, although it is
acceptable mathematical English, is already semi-formalized.

Formulas (or sentences) with universal and existential quantifiers can
appear in a variety of forms. The statement “All men are mortal” can be
analyzed as “for all x, if x is a man then x is mortal”, and the statement
“Some men are immortal” can be analyzed as “for some x, x is a man and x
is immortal”.

The formal notation for “for all x, A[x]” is $(\forall x.A[x])$ and for “for
some x, A[x]” is $(\exists x.A[x])$. The parentheses in these notations are for
us mandatory: this may seem eccentric but we think there are good reasons for
it.

Iteration of the same quantifier can be abbreviated. We write
$(\forall xy.A[x,y])$ instead of $(\forall x.(\forall y.A[x,y]))$, and similarly
$(\exists xy.A[x,y])$ instead of $(\exists x.(\exists y.A[x,y]))$, and notations
like $(\forall xyz.A[x,y,z])$ are defined similarly.

Quantifiers are sometimes (very often, in practice), restricted to some
domain. Quantifiers restricted to a set have special notation:
$(\forall x \in S.A[x])$ can be read “for all x in S, A[x]” and is equivalent
to $(\forall x.x \in S \to A[x])$, while $(\exists x \in S.A[x])$ can be read
“for some x in S, A[x]” and is equivalent to $(\exists x.x \in S \wedge A[x])$.
The same quantifier restricted to the same set can be iterated, as in
$(\forall xy \in S.A[x,y])$.

Further, restriction of a quantifier to a particular sort of object is not
always explicitly indicated in the notation. If we know from the context that
a variable n ranges over natural numbers, we can write $(\forall n.A[n])$
instead of $(\forall n \in \mathcal{N}.A[n])$, for example. In the section on
typed theory of sets, all variables will be equipped with an implicit type in
this way.

² It should be noted that this is a subtle distinction I am drawing which is not
universally made (the exact notation here is specific to these notes); it is
quite common to write P(x) for what I denote here as P[x], and I have been
known to write parentheses by mistake when teaching from this text.

We do not as a rule negate quantified sentences (or formulas) in natural
language. Instead of saying “It is not the case that for all x, A[x]”, we would
say “For some x, $\neg A[x]$”. Instead of saying “It is not the case that for
some x, A[x]”, we could say “For all x, $\neg A[x]$” (though English provides
us with the construction “For no x, A[x]” for this case). “No men are mortal”
means “For all x, if x is a man then x is not mortal”. The logical
transformations which can be carried out on negated quantified sentences are
analogous to de Morgan’s laws, and can be written formally

$$\neg(\forall x.A[x]) \leftrightarrow (\exists x.\neg A[x])$$

and

$$\neg(\exists x.A[x]) \leftrightarrow (\forall x.\neg A[x]).$$

Note that we are not licensing use of these equivalences as proof strategies 
before they are proved: as above with de Morgan’s laws, these are introduced 
here to make a point about the rhetoric of mathematical English. 

Here is a good place to say something formally about the distinction
between the more general “formula” and the technical sense of “sentence” (I
would really much rather say “sentence” for both, following the grammatical
rather than the mathematical path). Any “sentence” in the grammatical
sense of mathematical language is called a formula; the actual “sentences”
in the mathematical sense are those in which a variable x only occurs in a
context such as $(\forall x.A[x])$, $(\exists x.A[x])$ or even
$\{x \mid A[x]\}$ or $\int_2^3 x^2\,dx$ (to get even more familiar) in which it
is a dummy variable. The technical way of saying this is that a sentence is a
formula in which all occurrences of variables are bound.

2.10 Proving Quantified Statements and Using Quantified Hypotheses

To prove the goal “for all x, A[x]”, introduce a new name a (not used before
anywhere in the context): the new goal is to prove A[a]. Informally, if we can
prove A[a] without making any special assumptions about a, we have shown
that A[x] is true no matter what value the variable x takes on. The new
name a is used only in this proof (its role is rather like that of an assumption
in the proof of an implication). This rule is called “universal generalization”.

To prove the goal “for some x, A[x]”, find a specific name t (which may
be complex) and prove A[t]. Notice here there may be all kinds of contextual
knowledge about t and in fact that is expected. It’s possible that several
different such substitutions may be made in the course of a proof (in different
cases a different witness may work to prove the existential statement). This
rule is called “existential instantiation”.

If you have posited “for all x, A[x]”, then you may further posit A[t] for
any name t, possibly complex. You may want to make several such
substitutions in the course of a proof. This rule is called “universal
instantiation”.

Using an existential statement is a bit trickier. If we have posited “for
some x, A[x]”, and we are aiming at a goal G, we may introduce a name
w not mentioned anywhere in the context (and in particular not in G) and
further posit A[w]: if G follows with the additional posit, it follows without
it as well. What we are doing here is introducing a name for a witness to
the existential hypothesis. Notice that this name is locally defined; it is
not needed after the conclusion G is proved. This rule is called “witness
introduction”.

2.11 Equality and Uniqueness 

For any term t, t = t is an axiom which we may freely assert.

If we have posited a = b and A[a], we can further posit A[b].

These are an adequate set of logical rules for equality. 

To show that there is exactly one object x such that A[x] (this is often
written $(\exists! x.A[x])$), one needs to show two things: first, show
$(\exists x.A[x])$ (there is at least one x). Then show that from the
additional assumptions A[a] and A[b], where a and b are new variables not found
elsewhere in the context, we can prove a = b (there is at most one x).

Proofs of uniqueness are often given in the form “Assume that A[a], A[b],
and $a \neq b$: deduce a contradiction”. This is equivalent to the proof
strategy just given but the assumption $a \neq b$ is often in practice never
used (one simply proves a = b) and so seems to be an unnecessary complication.

2.12 Dummy Variables and Substitution 

The rules of the previous section make essential use of substitution. If we
write the formula A[x] of the previous section in the form A, recall that
the variants A[a] and A[t] mean A[a/x] and A[t/x]: understanding these
notations requires an understanding of substitution.

And there is something nontrivial to understand. Consider the sentence
$(\exists x.x = a)$ (this is a sentence if a is a constant name rather than a
variable). This is true for any a, so we might want to assert the not very
profound theorem $(\forall y.(\exists x.x = y))$. Because this is a universal
statement, we can drop the universal quantifier and replace y with anything to
get another true statement: with c to get $(\exists x.x = c)$; with z to get
$(\exists x.x = z)$. But if we naively replace y with x we get
$(\exists x.x = x)$, which does not say what we want to say: we want to say
that there is something which is equal to x, and instead we have said that
there is something which is equal to itself.

The problem is that the x in $(\exists x.x = y)$ does not refer to any
particular object (even if the variable x does refer to something in a larger
context). x in this sentence is a “dummy variable”. Since it is a dummy it can
itself be replaced with any other variable: $(\exists w.w = y)$ means the same
thing as $(\exists x.x = y)$, and replacing y with x in the former formula
gives $(\exists w.w = x)$ which has the intended meaning.

Renaming dummy variables as needed to avoid collisions avoids these
problems. We give a recursive definition of substitution which supports this
idea. $T[t/x]$ is defined for T any term or formula, t any term, and x any
variable. The only kind of term (noun phrase) that we have so far is variables:
$y[t/x]$ is y if $y \neq x$ and t otherwise; $P(u)[t/x]$ is $P(u[t/x])$;
$(u\,R\,v)[t/x]$ is $u[t/x]\,R\,v[t/x]$. So far we have defined substitution in
such a way that it is simply replacement of the variable x by the term t. Where
A is a formula which might contain x, $(\forall y.A)[t/x]$ is defined as
$(\forall z.A[z/y][t/x])$, where z is the typographically first variable not
occurring in $(\forall y.A)$, t or x. $(\exists y.A)[t/x]$ is defined as
$(\exists z.A[z/y][t/x])$, where z is the typographically first variable
not occurring in $(\exists y.A)$, t, or x. This applies to all constructions
with bound variables, including term constructions: for example, once we
introduce set notation, $\{y \mid A\}[t/x]$ will be defined as
$\{z \mid A[z/y][t/x]\}$, where z is the typographically first variable not
occurring in $\{y \mid A\}$, t, or x. The use of “typographically first” here
is purely for precision: in fact our convention is that (for example)
$(\forall x.A)$ is basically the same statement as $(\forall y.A[y/x])$ for
any variable y not occurring in A (where our careful definition of substitution
is used) so it does not matter which variable is used as long as the variable
is new in the context.
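
The recursive definition above, written out as an added Python example (it is not part of the original notes). The tuple encoding, the order a, b, ..., z, a1, ... standing in for “typographically first”, the clauses for propositional connectives, and all function names are assumptions of this example.

```python
from itertools import count
from string import ascii_lowercase

# Assumed encoding of terms and formulas as nested tuples:
#   ("var", "x")                          a variable
#   ("pred", "P", u)                      P(u)
#   ("rel", "=", u, v)                    u R v
#   ("forall", "y", A), ("exists", "y", A)
#   ("not", A), ("and", A, B), ("or", A, B), ("imp", A, B), ("iff", A, B)
BINDERS = ("forall", "exists")
SYMS = {"forall": "∀", "exists": "∃", "and": "∧", "or": "∨",
        "imp": "→", "iff": "↔"}

def var(name):
    return ("var", name)

def variables_in_order():
    """Assumed 'typographic' order: a..z, then a1..z1, a2..z2, ..."""
    for n in count():
        for c in ascii_lowercase:
            yield c if n == 0 else f"{c}{n}"

def occurring(T):
    """Every variable name occurring in T, whether bound or free."""
    tag = T[0]
    if tag == "var":
        return {T[1]}
    if tag == "pred":
        return occurring(T[2])
    if tag == "rel":
        return occurring(T[2]) | occurring(T[3])
    if tag in BINDERS:
        return {T[1]} | occurring(T[2])
    return set().union(*(occurring(part) for part in T[1:]))  # connectives

def fresh(T, t, x):
    """First variable (in the assumed order) not occurring in T, t or x."""
    used = occurring(T) | occurring(t) | {x}
    return next(v for v in variables_in_order() if v not in used)

def subst(T, t, x):
    """T[t/x]: every binder is renamed to a fresh z before t goes in."""
    tag = T[0]
    if tag == "var":
        return t if T[1] == x else T
    if tag == "pred":
        return ("pred", T[1], subst(T[2], t, x))
    if tag == "rel":
        return ("rel", T[1], subst(T[2], t, x), subst(T[3], t, x))
    if tag in BINDERS:
        y, A = T[1], T[2]
        z = fresh(T, t, x)
        return (tag, z, subst(subst(A, var(z), y), t, x))  # A[z/y][t/x]
    return (tag,) + tuple(subst(part, t, x) for part in T[1:])

def naive_replace(T, t, x):
    """Blind replacement of x by t that ignores binders (the failure case)."""
    if T[0] == "var":
        return t if T[1] == x else T
    return tuple(naive_replace(p, t, x) if isinstance(p, tuple) else p
                 for p in T)

def show(T):
    tag = T[0]
    if tag == "var":
        return T[1]
    if tag == "pred":
        return f"{T[1]}({show(T[2])})"
    if tag == "rel":
        return f"{show(T[2])} {T[1]} {show(T[3])}"
    if tag in BINDERS:
        return f"({SYMS[tag]}{T[1]}.{show(T[2])})"
    if tag == "not":
        return f"¬{show(T[1])}"
    return f"({show(T[1])} {SYMS[tag]} {show(T[2])})"

if __name__ == "__main__":
    F = ("exists", "x", ("rel", "=", var("x"), var("y")))  # (∃x.x = y)
    print(show(naive_replace(F, var("x"), "y")))  # captured: (∃x.x = x)
    print(show(subst(F, var("x"), "y")))          # renamed:  (∃a.a = x)
```

The renamed result plays the role of $(\exists w.w = x)$ in the text; only the choice of fresh variable differs, because of the assumed ordering.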

It is worth noting that the same precautions need to be taken in carefully
defining the notion of substitution for a propositional letter involved in the
rule of substitution.

2.13 Are we doing formal logic yet?

One might think we are already doing formal logic. But from the strictest
standpoint we are not. We have introduced formal notations extending our
working mathematical language, but we are not yet considering terms,
formulas and proofs themselves as mathematical objects and subjecting them to
analysis (perhaps we are threatening to do so in the immediately preceding
subsection). We will develop the tools we need to define terms and formulas
as formal mathematical objects (actually, the tools we need to formally
develop any mathematical object whatever) in the next section, and return to
true formalization of logic (as opposed to development of formal notation) in
the Logic section.

We have not given many examples: our feeling is that this material is so 
abstract that the best way to approach it is to use it when one has some 
content to reason about, which will happen in the next section. Reference 
back to our discussion of proof strategy here from actual proofs ahead of us 
is encouraged.

2.14 Exercises

Prove the following statements using the proof strategies above. Use only
the highlighted proof strategies (not, for example, de Morgan’s laws or the
rules for negating quantifiers). You may use proof of an implication by
proving the contrapositive, modus tollens and the generalized rules for proving
disjunctions.

1. Prove the equivalence

$$A \to (B \to C) \leftrightarrow (A \wedge B) \to C$$

2. Prove the equivalence

$$\neg(A \to B) \leftrightarrow (A \wedge \neg B)$$

3. Prove

$$((P \to Q) \wedge (Q \to R)) \to (P \to R)$$

4. Prove

$$\neg(\forall x.P[x]) \leftrightarrow (\exists x.\neg P[x])$$

5. Prove

$$((\exists x.P[x]) \wedge (\forall uv.P[u] \to Q[v])) \to (\forall z.Q[z])$$

6. Prove de Morgan’s laws.

7. Justify the rules for the existential quantifier using the rules for the
universal quantifier and the equivalence of $(\exists x.P[x])$ and
$\neg(\forall x.\neg P[x])$.

8. Construct truth tables for $A \leftrightarrow (B \leftrightarrow C)$,
$(A \leftrightarrow B) \leftrightarrow C$, and
$(A \leftrightarrow B) \wedge (B \leftrightarrow C)$.

Notice that the first two are the same and the third (which one might
offhand think is what the first says) is quite different. Can you
determine a succinct way of explaining what

$$A_1 \leftrightarrow A_2 \leftrightarrow \ldots \leftrightarrow A_n$$

says?

We give some solutions.


1: Our goal is

$$A \to (B \to C) \leftrightarrow (A \wedge B) \to C.$$

Goal 1:

$$A \to (B \to C) \to (A \wedge B) \to C$$

Argument for Goal 1: Assume $A \to (B \to C)$. Our new goal is
$(A \wedge B) \to C$. To prove this implication we further assume
$A \wedge B$, and our new goal is C. Since we have posited $A \wedge B$, we may
deduce both A and B separately. Since we have posited A and
$A \to (B \to C)$ we may deduce $B \to C$ by modus ponens. Since
we have posited B and $B \to C$, we may deduce C, which is our
goal, completing the proof of Goal 1.

Goal 2:

$$(A \wedge B) \to C \to A \to (B \to C)$$

Argument for Goal 2: Assume $(A \wedge B) \to C$. Our new goal is
$A \to (B \to C)$. To deduce this implication, we assume A and our new
goal is $B \to C$. To deduce this implication, we assume B and
our new goal is C. Since we have posited both A and B we may
deduce $A \wedge B$. Since we have posited $A \wedge B$ and
$(A \wedge B) \to C$, we may deduce C by modus ponens, which is our goal,
completing the proof of Goal 2.

Conclusion: Since the implications in both directions have been proved, 
the biconditional main goal has been proved.

3: Our goal is

$$\neg(\forall x.P[x]) \leftrightarrow (\exists x.\neg P[x]).$$

Since this is a biconditional, the proof involves proving two subgoals.

Goal 1:

$$\neg(\forall x.P[x]) \to (\exists x.\neg P[x])$$

Argument for Goal 1: Assume $\neg(\forall x.P[x])$. Our new goal is
$(\exists x.\neg P[x])$.

We would like to prove this by exhibiting a witness, but we have
no information about any specific objects, so our only hope is
to start a proof by contradiction. We assume $\neg(\exists x.\neg P[x])$ and
our new goal is $\bot$. We note that deducing $(\forall x.P[x])$ as a goal
would allow us to deduce $\bot$ (this is one of the main ways to use
a negative hypothesis). To prove this goal, introduce an arbitrary
object a and our new goal is P[a]. Since there is no other evident
way to proceed, we start a new proof by contradiction: assume
$\neg P[a]$ and our new goal is $\bot$. Since we have posited $\neg P[a]$, we
may deduce $(\exists x.\neg P[x])$. This allows us to deduce $\bot$, since we
have already posited the negation of this statement. This supplies
what is needed for each goal in turn back to Goal 1, which is thus
proved.

Goal 2:

$$(\exists x.\neg P[x]) \to \neg(\forall x.P[x])$$

Argument for Goal 2: We assume $(\exists x.\neg P[x])$. Our new goal is
$\neg(\forall x.P[x])$. To deduce this goal, we assume $(\forall x.P[x])$ and
our new goal is $\bot$.

Our existential hypothesis $(\exists x.\neg P[x])$ allows us to introduce a
new object a such that $\neg P[a]$ holds. But our universal hypothesis
$(\forall x.P[x])$ allows us to deduce P[a] as well, so we can deduce $\bot$,
completing the proof of Goal 2.

Conclusion: Since both implications involved in the biconditional main 
goal have been proved, we have proved the main goal.

3 Typed theory of sets

In this section we introduce a theory of sets, but not the usual one quite 
yet. We choose to introduce a typed theory of sets, which might carelessly 
be attributed to Russell, though historically this is not quite correct. 

3.1 Types in General 

Mathematical objects come in sorts or kinds (the usual word is “type”). We 
seldom make any statement about all mathematical objects whatsoever: we 
are more likely to be talking about all natural numbers, or all real numbers. 

Further, there are standard ways to produce a new sort of object from an
old sort, which can be uniformly applied to all or at least many types: for
example, if $\sigma$ is a sort and $\tau$ is a sort, we can talk about
collections of $\sigma$’s or $\tau$’s, functions from $\sigma$’s to $\tau$’s,
ordered pairs of a $\sigma$ and a $\tau$, and so forth.
These are called type constructors when they are considered in general.

In much of this section, every variable we introduce will have a type, and 
a quantifier over that variable will be implicitly restricted to that type. 

3.2 Typed Theory of Sets 

We introduce a typed theory of sets in this section, loosely based on the
historical type theory of Bertrand Russell. This theory is sufficiently general
to allow the construction of all objects considered in classical
mathematics. We will demonstrate this by carrying out some constructions of
familiar mathematical systems. An advantage of using this type theory is that
the constructions we introduce will not be the same as those you might have seen
in other contexts, which will encourage careful attention to the constructions
and proofs, which furthers other parts of our implicit agenda. Later we will
introduce a more familiar kind of set theory.

Suppose we are given some sort of mathematical object (natural numbers, 
for example). Then it is natural to consider collections of natural numbers as 
another sort of object. Similarly, when we are given real numbers as a sort 
of object, our attention may pass to collections of real numbers as another 
sort of object. 

Our approach is an abstraction from this. The basic idea (which we will
tweak) is that we introduce a sort of object which we will call individuals
about which we initially assume nothing whatsoever (we will add an axiom
asserting that there are infinitely many individuals when we see how to say
this). We also call the sort of individuals type 0. We then define type 1
as the sort of collections of individuals, type 2 as the sort of collections of
type 1 objects, and so forth. (The tweak is that we actually leave open the
possibility that each type n + 1 contains additional objects over and above
the collections of type n objects).

No essential role is played here by natural numbers: we could call type 0
$\iota$ and for any type $\tau$ let $\tau^+$ be the sort of collections of type
$\tau$ objects, and then the types 0, 1, 2, ... would be denoted
$\iota, \iota^+, \iota^{++}, \ldots$, in which we can see that
no reference to natural numbers is involved. This paragraph is an answer
in advance to an objection raised by philosophers: later we will define the
natural number 3 (for example) in type theory: we have not assumed that
we already understand what 3 is by using “3” as a formal name for the type
$\iota^{+++}$.

Every variable x comes equipped with a type. We may write $x^{\mathbf{3}}$ for
a type 3 variable (type superscripts will be boldface when they do appear so
as not to be confused with exponents or other numerical superscripts), but
we will not always do this. Atomic formulas of our language are of the form
$x = y$, in which the variables x and y must be of the same type, and
$x \in y$ in which the type of y must be the successor of the type of x.

Just for fun we give a formal description of the grammatical requirements
for formulas which does not use numerals (in fact, amusingly, it does not even
mention types!). Please note that we will not actually use the notation
outlined in this paragraph: the point is that the notation we actually use could
be taken as an abbreviation for this notation, which makes the point firmly
that we are not actually assuming that we know anything about natural
numbers yet when we use numerals as type superscripts. We use a more
long-winded notation for variables. We make the following stipulations: $x$
is an individual variable; if $y$ is an individual variable, so is $y'$; these
two rules ensure that we have infinitely many distinct individual (type 0, but
we aren’t mentioning numerals) variables. Now we define variables in general:
an individual variable is a variable; if $y$ is a variable, $y^+$ is a variable
(one type higher, but we are not mentioning numerals). Now we define
grammatical atomic formulas. If x is an individual variable and y is a variable,
then $x = y$ is an atomic formula iff y is an individual variable. If x is an
individual variable, then $x \in y$ is an atomic formula iff y is of the form
$z^+$ where z is an individual variable. For any variables x and y,
$x^+ = y^+$ is an atomic formula iff $x = y$ is an atomic formula and
$x^+ \in y^+$ is an atomic formula iff $x \in y$ is an atomic formula. We do
not write any atomic formula which we cannot show to be grammatical using these
rules. The variable consisting of x followed by m primes and n plusses might
more conveniently be written $x_m^n$, but in some formal sense it does not have
to be: there is no essential reference to numerals here. The rest of the formal
definition of formulas: if $\phi$ is an atomic formula, it is a formula; if
$\phi$ and $\psi$ are formulas and x is a variable, so are $(\phi)$,
$\neg\phi$, $\phi \wedge \psi$, $\phi \vee \psi$, $\phi \to \psi$,
$\phi \leftrightarrow \psi$, $(\forall x.\phi)$, $(\exists x.\psi)$
[interpreting formulas with propositional connectives is made more complicated
by order of operations, but the details are best left to a computer parser!].
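
The numeral-free grammar of the preceding paragraph can be checked mechanically by following its clauses one at a time, without ever counting primes or plusses. The following Python sketch is an added example (not part of the original notes); the ASCII spelling of variables, the tuple encoding of formulas, and all function names are assumptions of this example.

```python
# Assumed spelling of variables as ASCII strings: the letter x, then primes ('),
# then plusses (+); for example "x''+" is x followed by two primes and one plus.

def is_individual(v):
    """x is an individual variable; if y is one, so is y'."""
    return v == "x" or (v.endswith("'") and is_individual(v[:-1]))

def is_variable(v):
    """An individual variable is a variable; if y is a variable, so is y+."""
    return is_individual(v) or (v.endswith("+") and is_variable(v[:-1]))

def is_atomic(lhs, op, rhs):
    """Is 'lhs = rhs' (op "=") or 'lhs ∈ rhs' (op "in") grammatical?"""
    if op not in ("=", "in") or not (is_variable(lhs) and is_variable(rhs)):
        return False
    if is_individual(lhs):
        if op == "=":
            return is_individual(rhs)          # x = y iff y is individual
        # x ∈ y iff y has the form z+ with z an individual variable
        return rhs.endswith("+") and is_individual(rhs[:-1])
    # lhs has the form u+: only the clauses for u+ = w+ and u+ ∈ w+ apply,
    # and they reduce the question to u = w or u ∈ w.
    return rhs.endswith("+") and is_atomic(lhs[:-1], op, rhs[:-1])

def is_formula(f):
    """Formulas as nested tuples (assumed encoding):
    ("atom", lhs, op, rhs), ("not", A), ("and"|"or"|"imp"|"iff", A, B),
    ("forall"|"exists", variable, A)."""
    tag = f[0]
    if tag == "atom":
        return len(f) == 4 and is_atomic(f[1], f[2], f[3])
    if tag == "not":
        return is_formula(f[1])
    if tag in ("and", "or", "imp", "iff"):
        return is_formula(f[1]) and is_formula(f[2])
    if tag in ("forall", "exists"):
        return is_variable(f[1]) and is_formula(f[2])
    return False

def expand(m, n):
    """Unfold the abbreviation x_m^n: x, then m primes, then n plusses.
    Numerals appear only here, in the abbreviation, never in the grammar."""
    return "x" + "'" * m + "+" * n

def extensionality(x, y, z):
    """(∀x.(∀y.x = y ↔ (∀z.z ∈ x ↔ z ∈ y))) for the given variable names."""
    return ("forall", x, ("forall", y, ("iff",
            ("atom", x, "=", y),
            ("forall", z, ("iff", ("atom", z, "in", x),
                                  ("atom", z, "in", y))))))

if __name__ == "__main__":
    good = extensionality(expand(0, 1), expand(1, 1), expand(2, 0))
    bad = extensionality(expand(0, 1), expand(1, 2), expand(2, 0))
    print(is_formula(good), is_formula(bad))
```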

Our theory has axioms. The inhabitants of every type other than 0 are 
sets (at least, some of them are). We believe that sets are equal iff they have 
exactly the same elements. This could be expressed as follows: 

* Strong axiom of extensionality: 

$$(\forall x.(\forall y.x = y \leftrightarrow (\forall z.z \in x \leftrightarrow z \in y))),$$

for every assignment of types to x, y , z that makes sense. 

*Proof Strategy: If A and B are sets, to prove A = B, introduce a new
variable a, assume $a \in A$, and deduce $a \in B$, and then introduce a
new variable b, assume $b \in B$, and deduce $b \in A$. This strategy simply
unfolds the logical structure of the axiom of extensionality.

This axiom says that objects of any positive type are equal iff they have 
the same elements. This is the natural criterion for equality between sets. 

Notice that we did not write 

$$(\forall x^{n+1}.(\forall y^{n+1}.x^{n+1} = y^{n+1} \leftrightarrow (\forall z^n.z^n \in x^{n+1} \leftrightarrow z^n \in y^{n+1}))).$$

This would be very cumbersome, and it is not necessary: it is clear from 
the form of the sentence (it really is a sentence!) that x and y have to have 
the same type (because x = y appears) and z has to be one level lower in 
type (because $z \in x$ appears). One does need to be careful when taking this
implicit approach to typing to make sure that everything one says can be 
expressed in the more cumbersome notation: more on this anon. 

Notice that we starred the strong axiom of extensionality; this is because 
it is not the axiom we actually adopt. We take the more subtle view that in 
the real world not all objects are sets [and perhaps not all mathematical
constructions are implemented as set constructions], so we might want to allow
many non-sets with no elements (it is reasonable to suppose that anything
with an element is a set). Among the objects with no elements, we designate
a particular object $\emptyset$ as the empty set.

This does mean that we are making our picture of the hierarchy of types 
less precise (the tweak that we foreshadowed): type n + 1 is inhabited by 
collections of type n objects and also possibly by other junk of an unspecified 
nature. A more abstract way of putting it is that our type constructor sending
each type $\tau$ to a type $\tau^+$ is underspecified: all we say is that type $\tau^+$ includes
the collections of type $\tau$ objects.

Primitive notion: There is a designated object $\emptyset^{n+1}$ for each positive type
n + 1 called the empty set of type n + 1. We do not always write the
type index.

Axiom of the empty set: $(\forall x.x \notin \emptyset)$, for all assignments of a type to x
and $\emptyset$ which make sense.

Definition: We say that an object x (in a positive type) is a set iff $x = \emptyset \vee (\exists y.y \in x)$.
We write set(x) to abbreviate “x is a set” in formulas.
We say that objects which are not sets are atoms or urelements.

Axiom of extensionality: 

$$(\forall xy.\mathrm{set}(x) \wedge \mathrm{set}(y) \rightarrow x = y \leftrightarrow (\forall z.z \in x \leftrightarrow z \in y)),$$

for any assignment of types to variables that makes sense. 

Proof Strategy: If A and B are sets, to prove A = B, introduce a new
variable a, assume $a \in A$, and deduce $a \in B$, and then introduce a
new variable b, assume $b \in B$, and deduce $b \in A$. This strategy simply
unfolds the logical structure of the axiom of extensionality.

We have already stated a philosophical reason for using a weaker form of 
the axiom of extensionality, though it may not be clear that this is applicable 
to the context of type theory (one might reasonably suppose that non-sets 
are all of type 0); we will see mathematical reasons for adopting the weaker 
form of extensionality in the course of our development (and we will also see 
mathematical advantages of strong extensionality). 

We have said when sets are equal. Now we ask what sets there are. The 
natural idea is that any property of type n objects should determine a set of 
type n + 1, and this is what we will say:

Axiom of comprehension: For any formula A[x] in which the variable y
(of type one higher than x) does not appear,

$$(\exists y.(\forall x.x \in y \leftrightarrow A[x])).$$

This says that for any formula A[x] expressing a property of an object x 
(of some type n), there is an object y of type n + 1 such that the elements 
of y are exactly the objects x such that A[x]. 

The axiom of extensionality tells us that there is only one such object y 
which is a set (there may be many such objects y if A[x] is not true for any 
x, but only one of them ($\emptyset$) will be a set). This suggests a definition:

Set builder notation: For any formula A[x], define $\{x \mid A[x]\}$ as the unique
set of all x such that A[x]: an object with exactly these members exists 
by Comprehension and there is only one such object which is a set by 
Extensionality. If x is of type n, then {x | A[x]} is of type n + 1. 

Proof Strategy: To use a posit or deduce a goal of the form $t \in \{x \mid A[x]\}$,
replace the posit or goal with the equivalent A[t].

In our numeral free notation we indicate the grammar requirements for 
set abstracts: if x is a variable and $\phi$ is a formula, $\{x \mid \phi\}$ can replace any
occurrence of $x^+$ in a formula and it will still be a formula.

There are two other axioms in our system, the Axiom of Infinity and the 
Axiom of Choice, but some formal development should be carried out before 
we introduce them. 

3.3 Russell’s Paradox?

At this point an objection might interpose itself. Consider the following 
argument. 

For any set x, obviously either x is an element of itself or x is not an
element of itself. Form the set R whose elements are exactly those sets
which are not elements of themselves: $R = \{x \mid x \notin x\}$. Now we ask,
is R an element of itself? For any x, $x \in R \leftrightarrow x \notin x$, so in particular
$R \in R \leftrightarrow R \notin R$. This is a contradiction!

This argument, known as Russell’s paradox, was a considerable embarrassment
to early efforts to formalize mathematics on the very abstract level
to which we are ascending here.

Fortunately, it is completely irrelevant to our work here. This argument 
does not work in our system, on a purely formal level, because $x \in x$ is not
a legal formula in the language of our type theory, so it does not define a 
property of sets allowing the introduction of a set by Comprehension! On 
a less formal level, attending to the meaning of notations rather than their 
formal structure, we have not introduced the kind of sweeping notion of set 
presupposed in the argument for Russell’s paradox: for any particular sort
of object $\tau$ (such as type n) we have introduced the new sort of object “set
of $\tau$’s” or “$\tau^+$” (which we call type n + 1 in the particular case where $\tau$ is
type n). The supposition in Russell’s paradox is that we have a type of sets
which contains all sets of objects of that same type. Ordinary mathematical
constructions do not lead us to a situation where we need such a type.
If we had a universal sort $o$ containing all objects it might seem that $o^+$
would contain all sets of anything whatsoever (including sets of type $o^+$ sets,
which would presumably also be of the universal type $o$). The argument for
Russell’s paradox shows that there cannot be such a type if the Axiom of
Comprehension is to apply: either there cannot be a universal type $o$ or the
type $o^+$ cannot contain all definable subcollections of $o$. We will introduce
untyped set theories with restrictions on comprehension below.

It is important to notice on a philosophical level that care in the intro- 
duction of the idea of a set has completely avoided the paradox: there is no 
embarrassment for our typed notion of set, and our typed notion of set is 
true to what we actually do in mathematics. Russell’s paradox was a serious 
problem for an initial insufficiently careful development of the foundation of 
mathematics; it is not actually a problem for the foundations of mathematics 
as such, because the typed notion of set is all that actually occurs in mathematics
in practice (in spite of the fact that the system of set theory which is
customarily used is formally untyped: we shall meet this system in section
4 and see that its restrictions on comprehension can be naturally motivated
in terms of types).

Notice that if x and y are terms of different types, x = y is not a formula 
at all. This does not mean that we say that x and y are distinct: it means that 
we do not entertain the question as to whether objects of different types are 
identical or distinct (for now; we will have occasion to think about this later). 
Similarly, if the type of y is not the successor of the type of x (for example, 
if x and y are of the same type) we do not say $x \in y$ (it is ungrammatical,
not false). We do not ask whether $x \in x$; we do not say that it is false (or
true) (for now).
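
The implicit approach to typing described in 3.2 and used in this section can be checked mechanically. The following Python sketch is an added example, not part of the original text: it takes the atomic subformulas of a formula and either finds a type assignment or reports that none exists. The tuple encoding of formulas and the names `stratify`, `node` and `Types` are assumptions of the example, and it assumes each variable name is used at a single type.

```python
import itertools

class Ungrammatical(Exception):
    pass

class Types:
    """Weighted union-find: off[v] = type(v) - type(parent[v])."""
    def __init__(self):
        self.parent, self.off = {}, {}

    def find(self, v):
        if v not in self.parent:
            self.parent[v], self.off[v] = v, 0
        if self.parent[v] == v:
            return v, 0
        root, d = self.find(self.parent[v])
        self.parent[v], self.off[v] = root, self.off[v] + d
        return root, self.off[v]

    def require(self, a, b, d):
        """Impose type(b) = type(a) + d; raise if earlier constraints disagree."""
        (ra, da), (rb, db) = self.find(a), self.find(b)
        if ra == rb:
            if db - da != d:
                raise Ungrammatical(f"type({b}) - type({a}) is {db - da}, not {d}")
        else:
            self.parent[rb], self.off[rb] = ra, da + d - db

def node(term, T, ids):
    """Return the node carrying the type of `term`, adding its constraints."""
    if term == "∅":                      # each occurrence is its own constant
        e = f"∅{next(ids)}"
        T.require(f"_member{next(ids)}", e, 1)   # forces a positive type
        return e
    if isinstance(term, str):            # a variable
        T.find(term)
        return term
    op, *args = term                     # ("set", t1, ..., tn) or ("union", s, t)
    me = f"_{op}{next(ids)}"
    for kid in [node(a, T, ids) for a in args]:
        # {t1, ..., tn} is one type above its elements; s ∪ t has the type of s and t
        T.require(kid, me, 1 if op == "set" else 0)
    return me

def stratify(atoms):
    """atoms: list of ("in" | "eq", term, term). Return {name: type} or None."""
    T, ids = Types(), itertools.count()
    try:
        for rel, a, b in atoms:
            T.require(node(a, T, ids), node(b, T, ids), 1 if rel == "in" else 0)
    except Ungrammatical:
        return None
    found = {v: T.find(v) for v in list(T.parent)}
    lowest = {}
    for root, off in found.values():     # shift each component so its lowest type is 0
        lowest[root] = min(off, lowest.get(root, off))
    return {v: off - lowest[root] for v, (root, off) in found.items()
            if not v.startswith("_")}

if __name__ == "__main__":
    samples = {
        "extensionality": [("eq", "x", "y"), ("in", "z", "x"), ("in", "z", "y")],
        "x ∈ x": [("in", "x", "x")],
        "∅ ∈ ∅": [("in", "∅", "∅")],
        "w = {∅, {∅}}": [("eq", "w", ("set", "∅", ("set", "∅")))],
        "w = {x, {x}}": [("eq", "w", ("set", "x", ("set", "x")))],
        "m = n ∪ {n}": [("eq", "m", ("union", "n", ("set", "n")))],
    }
    for name, atoms in samples.items():
        print(name, "->", stratify(atoms))
```

The reported types are the lowest ones that work; adding the same number to every type in a connected group of variables gives another valid assignment, which is why each axiom holds "for every assignment of types that makes sense".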

3.4 Simple Ideas of Set Theory

In this section we develop some familiar ideas of set theory. 

We first develop the familiar list notation for finite sets. Here are the 
standard notations for one and two element sets. 

List notation for sets: {x} is defined as $\{y \mid y = x\}$. {x, y} is defined as
$\{z \mid z = x \vee z = y\}$.

It is convenient to define Boolean union and intersection of sets before 
giving the general definition of list notation. 

Boolean union and intersection: If x and y are sets, define $x \cup y$ as

$$\{z \mid z \in x \vee z \in y\}$$

and $x \cap y$ as

$$\{z \mid z \in x \wedge z \in y\}.$$

Notice that though we may informally think of $x \cup y$ as “x and y”, it
is actually the case that $x \cup y$ is associated with the logical connective
$\vee$ and it is $x \cap y$ that is associated with $\wedge$ in a logical sense.

We also define $a^c$ (the complement of a) as $\{x \mid x \notin a\}$ and $a - b$ (the
set difference of a and b) as $a \cap b^c$.


recursive definition of list notation: $\{x_1, x_2, \ldots, x_n\}$ is defined as
$\{x_1\} \cup \{x_2, \ldots, x_n\}$. Notice that the definition of list notation for n items
presupposes the definition of list notation for n − 1 items: since we
have a definition of list notation for 1 and 2 items we have a basis for
this recursion.

Note that all elements of a set defined by listing must be of the same 
type, just as with any set. 


There is one more very special case of finite sets which needs special 
attention. 


null set: We have introduced $\emptyset^{n+1}$ as a primitive notion because we adopted
the weak axiom of extensionality.

If we assumed strong extensionality, we could define $\emptyset^{n+1}$ as

$$\{x^n \mid x^n \neq x^n\}$$

(in any event this set abstract is equal to $\emptyset^{n+1}$!). Notice that $\emptyset^{n+1}$
has no elements, and it is by Extensionality (either form) the only
set (of type n + 1) with no elements. In this definition we have used
type superscripts, though hereinafter we will write just $\emptyset$: this is to
emphasize that $\emptyset$ is defined in each positive type and we do not say
that the empty sets in different types are the same (or that they are
different). Notice that although $x \in x$ is not grammatical, $\emptyset \in \emptyset$ is
grammatical (and false!). It is not an instance of the ungrammatical
form $x \in x$ because the apparent identity of the two occurrences of $\emptyset$
is a kind of pun. The pun can be dispelled by writing $\emptyset^{n+1} \in \emptyset^{n+2}$
explicitly.

universe: We define V as $\{x \mid x = x\}$. This is the universal set. The
universal set in type n + 1 is the set of all type n objects. $V \in V$ is
grammatical and true - but the two occurrences of V have different
reference (this can be written $V^{n+1} \in V^{n+2}$ for clarification).

Of course we assume that the universal set is not finite, but we do not 
know how to say this yet. 

The combination of the empty set and list notation allows us to write 
things like $\{\emptyset, \{\emptyset\}\}$, but not things like $\{x, \{x\}\}$: the former expression is
another pun, with empty sets of different types appearing, and the latter 
expression is ungrammatical, because it is impossible to make a consistent 
type assignment to x. An expression like this can make sense in an untyped 
set theory (and in fact in the usual set theory the first expression here is the 
most popular way to define the numeral 2, as we will explain later). 

Set builder notation can be generalized. 

Generalized set builder notation: If we have a complex term $t[x_1, \ldots, x_n]$
containing only the indicated variables, we define $\{t[x_1, \ldots, x_n] \mid A\}$ as
$\{y \mid (\exists x_1 \ldots x_n.y = t[x_1, \ldots, x_n] \wedge A)\}$ (where y is a new variable). We
do know that this kind of very abstract definition is not really intelligible
in practice except by backward reference from examples, and we
will provide these!

Examples: $\{\{x\} \mid x = x\}$ means, by the above convention,
$\{z \mid (\exists x.z = \{x\} \wedge x = x)\}$. It is straightforward to establish that this is the set of
all sets with exactly one element, and we will see below that we will
call this the natural number 1. The notation $\{\{x, y\} \mid x \neq y\}$ expands
out to $\{z \mid (\exists xy.z = \{x, y\} \wedge x \neq y)\}$: this can be seen to be the set
of all sets with exactly two elements, and we will identify this set with
the natural number 2 below.

We define some familiar relations on sets. 

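subset, superset: We define $A \subseteq B$ as

$$\mathrm{set}(A) \wedge \mathrm{set}(B) \wedge (\forall x.x \in A \rightarrow x \in B).$$

We define $A \supseteq B$ as $B \subseteq A$.

Theorem: For any set A, $A \subseteq A$.

Theorem: For any sets A, B, $A \subseteq B \wedge B \subseteq A \rightarrow A = B$.

Theorem: For any sets A, B, C, if $A \subseteq B$ and $B \subseteq C$ then $A \subseteq C$.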

Observation: The theorems we have just noted will shortly be seen to establish
that the subset relation is a “partial order”.

Proof Strategy: To show that $A \subseteq B$, where A and B are known to be
sets, introduce an arbitrary object x and assume $x \in A$: show that it
follows that $x \in B$.

If one has a hypothesis or previously proved statement $A \subseteq B$ and a
statement $t \in A$, deduce $t \in B$.

Notice that the proof strategy given above for proving A = B is equivalent
to first proving $A \subseteq B$, then proving $B \subseteq A$.

The notions of element and subset can be confused, particularly because
we have a bad habit of saying things like “A is in B” or “A is contained in
B” for $A \in B$ and for $A \subseteq B$. It is useful to observe that elements are not
“parts” of sets. The relation of part to whole is transitive: if A is a part of
B and B is a part of C, then A is a part of C. The membership “relation” is
not transitive in a quite severe sense: if $A \in B$ and $B \in C$, then $A \in C$ is not
even meaningful in our type theory! [In the untyped set theories discussed
in section 4, membership is in a quite normal sense not transitive.] But the
subset relation is transitive: if $A \subseteq B$ and $B \subseteq C$, then any element of A is
also an element of B, and so is in turn an element of C, so $A \subseteq C$. If a set
can be said to have parts, they will be its subsets, and its one-element sets
{a} for $a \in A$ can be said to be its atomic parts.

We give a general format for introducing operations, and then introduce 
an important operation. 

Definable Operations: For any formula $\phi[x, y]$ with the property that

$$(\forall xyz.\phi[x, y] \wedge \phi[x, z] \rightarrow y = z)$$

we define $F_\phi(x)$ or $F_\phi x$ as the unique y (if there is one) such that
$\phi[x, y]$. Note that we will not always explicitly give a formula $\phi$ defining
an operation, but it should always be clear that such a formula could
be given. Note also that there might be a type differential between x
and $F_\phi(x)$ depending on the structure of the formula $\phi[x, y]$.

For any such definable operation F(x), we define $F``x$ for any set x as
$\{F(u) \mid u \in x\}$: $F``x$ is called the (elementwise) image of x under the
operation F.

Power Set: For any set A, we define $\mathcal{P}(A)$ as $\{B \mid B \subseteq A\}$. The power set
of A is the set of all subsets of A. Notice that $\mathcal{P}(V^n)$ is the collection
of all sets of type n + 1, and is not necessarily the universe $V^{n+1}$, which
might also contain some atoms.

Observation: $\mathcal{P}$ is $F_\phi$ where $\phi[x, y]$ is the formula $(\forall z.z \in y \leftrightarrow z \subseteq x)$ (or
just $y = \{z \mid z \subseteq x\}$).

It is very important to notice that $\mathcal{P}(x)$ is one type higher than x, and
similarly that {x} is one type higher than x.

In the usual untyped set theory, the natural numbers are usually defined 
using a clever scheme due to John von Neumann. 

*Definition: 0 is defined as $\emptyset$. 1 is defined as {0}. 2 is defined as {0, 1}. 3
is defined as {0, 1, 2}. In general, n + 1 is defined as $n \cup \{n\}$.

The star on this “definition” indicates that we do not use it here. The 
problem is that this definition makes no sense in our typed language. Notice 
that there is no consistent way to assign a type to n in “$n \cup \{n\}$”. In section
4 on untyped set theory, we will be able to use this definition and we will see 
that it generalizes to an incredibly slick definition of ordinal number. 

NOTE: elementary theorems should follow (proof examples!). Definition 
and discussion of boolean algebras? 

3.5 Finite Number; the Axiom of Infinity; Ordered Pairs

The motivation of our definition of natural number in type theory is the 
following 

Circular Definition: The natural number n is the set of all sets with n 
elements. 

Of course this will not be acceptable as a formal definition: we spend the 
rest of the section showing how we can implement it using a series of formally 
valid definitions. 

It is amusing to observe that the von Neumann definition above can also
be motivated using an even worse 

*Circular Definition: The natural number n is the set of all natural numbers
less than n.

This is starred to indicate that we are not at this point using it at all!

Definition: We define 0 as $\{\emptyset\}$.

Note that we have thus defined 0 as the set of all sets with zero (no) 
elements. 

Definition: For any set A, define A + 1 as $\{x \cup \{y\} \mid x \in A \wedge y \notin x\}$. A + 1
is the collection of all sets obtained by adjoining a single new element
to an element of A.

Definition: We define 1 as 0 + 1. (Observe that 1 is the set of all one- 
element sets (singletons).) We define 2 as 1+1, 3 as 2+1, and so forth 
(and observe that 2 is the set of all sets with exactly two elements, 3 
is the set of all sets with exactly three elements, and so forth). 

Unfortunately, “and so forth” is a warning that a careful formal exami- 
nation is needed at this point! 

Definition: We call a set I an inductive set if $0 \in I$ and $(\forall A.A \in I \rightarrow A + 1 \in I)$.
We define $\mathcal{I}$ as the set of all inductive sets.

At this point it is useful to define the unions and intersections of not 
necessarily finite collections of sets. 

Definition: For any set A, we define $\bigcup A$ as

$$\{x \mid (\exists a \in A.x \in a)\}$$

and $\bigcap A$ as

$$\{x \mid (\forall a \in A.x \in a)\}.$$

(Notice that $x \cup y = \bigcup\{x, y\}$ and $x \cap y = \bigcap\{x, y\}$.)

Observation: Notice that $\bigcup A$ and $\bigcap A$ are of type n + 1 if A is of type
n + 2.


Definition: We define $\mathbb{N}$, the set of all natural numbers, as $\bigcap \mathcal{I}$, the intersection
of all inductive sets.


We saw above that 0 has been successfully defined as the set of all zero 
element sets, 1 as the set of all one-element sets, 2 as the set of all two-element
sets and so forth (whenever and so forth, etc, ... or similar devices
appear in mathematical talk, it is a signal that there is something the author 
hopes you will see so that he or she does not have to explain it!) So we can 
believe for each of the familiar natural numbers (as far as we care to count) 
that we have implemented it as a set. If I is an inductive set, we can see that 
(the set implementing) 0 is in I by the definition of “inductive”. If the set
implementing the familiar natural number n is in I, then (by definition of
“inductive”) the set implementing the familiar natural number n + 1 will be
in I. So by the principle of mathematical induction, sets implementing each 
of the familiar natural numbers are in I. But I was any inductive set, so for 
each familiar natural number n, the set implementing n is in the intersection 
of all inductive sets, that is in N as we have defined it. This is why we call 
inductive sets “inductive” , by the way. How can we be sure that there aren’t 
some other unintended elements of N? The best argument we can give is 
this: if there is a collection containing exactly the implementations of the 
familiar natural numbers, we observe that 0 is certainly in it and n + 1 must 
be in it if n is in it. So this collection is inductive, so any element of N, the 
intersection of all inductive sets, must belong to this set too, and so must be 
one of the familiar natural numbers. We will see later that there are models 
of type theory (and of untyped set theory) in which there are “unintended” 
elements of N. In such models the collection of familiar natural numbers
must fail to be a set. How can this happen when each type k + 1 is supposed
to be the collection of all sets of type k objects? Notice that the axiom
of comprehension only forces us to implement the subcollections of type k
which are definable using a formula of our language as type k + 1 objects. 
So if there are “unintended” natural numbers we will find that no formula 
of our language will pick out just the familiar natural numbers. If we insist 
that each type k + 1 contain all collections of type k objects, it will follow 
that we have defined the set of natural numbers correctly. 

Definition: We define F, the set of all finite sets, as $\bigcup \mathbb{N}$. A set which is
not finite (not an element of F) is said to be infinite. 

Since we have defined each natural number n as the set of all sets with n 
elements, this is the correct definition of finite set (a finite set is a set which 
has n elements for some natural number n, so exactly a set which belongs to 
n for some $n \in \mathbb{N}$).

Now we can state a promised axiom. 

Axiom of Infinity: $V \notin F$

This says exactly that the universe is infinite. 

In all of this, we have not issued the usual warnings about types. We 
summarize them here. For A + 1 to be defined, a set must be of at least type 
2. A + 1 is of the same type as A. Similarly, 0 is of type at least 2 (and there
is a formally distinct $0^{n+2}$ for each n). Any inductive set must be of at least
type 3 and the set of all inductive sets $\mathcal{I}$ is of at least type 4. $\mathbb{N}$ is then of
type at least 3 (it being the minimal inductive set) and there is actually a
$\mathbb{N}^{n+3}$ in each type n + 3. An amusing pun which you may check is $0 \in 1$.
The Axiom of Infinity, like the two earlier axioms, says something about each
type: the universal set over each type is infinite (it could be written more
precisely as $V^{n+1} \notin F^{n+2}$).

We state basic properties of the natural numbers. These are Peano’s 
axioms for arithmetic in their original form. The theory with these axioms 
(which makes essential use of sets of natural numbers in its formulation) is 
called second-order Peano arithmetic. 

1. $0 \in \mathbb{N}$

2. For each $n \in \mathbb{N}$, $n + 1 \in \mathbb{N}$.

3. For all $n \in \mathbb{N}$, $n + 1 \neq 0$

4. For all $m, n \in \mathbb{N}$, $m + 1 = n + 1 \rightarrow m = n$.

5. For any set $I \subseteq \mathbb{N}$ such that $0 \in I$ and for all $n \in I$, $n + 1 \in I$, all
natural numbers belong to I (the principle of mathematical induction).

All of these are obvious from the definition of N except axiom 4. It is 
axiom 4 that hinges on the adoption of the Axiom of Infinity. 

The principle of mathematical induction (axiom 5) can be presented as 
another 

Proof Strategy: To deduce a goal

$$(\forall n \in \mathbb{N}.\phi[n]),$$

define A as the set $\{n \in \mathbb{N} \mid \phi[n]\}$ and deduce the following goals:

Basis step: $0 \in A$

Induction step: The goal is $(\forall k \in \mathbb{N}.k \in A \rightarrow k + 1 \in A)$: to
prove this, let k be an arbitrary natural number, assume $k \in A$
(equivalently $\phi[k]$) (called the inductive hypothesis) and deduce
the new goal $k + 1 \in A$ (equivalently $\phi[k + 1]$).

We prove some theorems about natural numbers. Our aim is to prove
the equivalence of the Axiom of Infinity and Peano’s Axiom 4. We will start 
by trying this and failing, but the nature of our failure will indicate what 
lemmas we need to prove for ultimate success. 

*Theorem (using Infinity): For all $m, n \in \mathbb{N}$, $m + 1 = n + 1 \rightarrow m = n$.

*Proof: Suppose that m and n are natural numbers and m + 1 = n + 1. Our
aim is to show that m = n. We show this by choosing an arbitrary
element a of m and showing that it belongs to n (and also the converse,
but this will be direct by symmetry). Suppose $x \notin a$ (we can find such
an x by Infinity). Now $a \cup \{x\} \in m + 1$, by definition, so it is in n + 1.
It seems that from $a \cup \{x\} \in n + 1$, $a \in n$ should follow, but this will
require more work. There is certainly no general result that $x \notin a$ and
$a \cup \{x\} \in A + 1$ implies $a \in A$. Suppose that $A = \{\{0, 1\}\}$. Then
$\{0, 1\} \cup \{2\} = \{0, 2\} \cup \{1\} \in A + 1$ and $1 \notin \{0, 2\}$, but $\{0, 2\} \notin A$. We
do believe that $a \cup \{x\} \in n + 1$ and $x \notin a$ implies $a \in n$, when n is a
natural number, but we need to show this.

Theorem (not using Infinity): For any natural number n, if $x \in n + 1$
and $y \in x$, then $x - \{y\} \in n$. [an equivalent form is “if $x \cup \{y\} \in n + 1$
then $x - \{y\} \in n$”]

Proof: Let $A = \{n \in \mathbb{N} \mid (\forall xy.x \in n + 1 \wedge y \in x \rightarrow x - \{y\} \in n)\}$, i.e., the
set of all n for which the theorem is true. Our strategy is to show that
the set A is inductive. This is sufficient because an inductive set will
contain all natural numbers.

First Goal: $0 \in A$

Proof of First Goal: The goal is equivalent to the assertion that if
$x \in 0 + 1$ and $y \in x$, then $x - \{y\} \in 0$. We suppose that
$x \in 0 + 1 = 1$ and $y \in x$: this implies immediately that $x = \{y\}$,
whence we can draw the conclusion $x - \{y\} = \{y\} - \{y\} = \emptyset \in 0$,
and $x - \{y\} \in 0$ is our first goal.

Second Goal: $(\forall k \in A.k + 1 \in A)$

Proof of Second Goal: Let k be an element of A. Assume that $k \in A$:
this means that for any $x \in k + 1$ and $y \in x$ we have $x - \{y\} \in k$
(this is the inductive hypothesis). Our goal is $k + 1 \in A$: we need
to show that if $u \in (k + 1) + 1$ and $v \in u$ we have $u - \{v\} \in k + 1$. So
we assume $u \in (k + 1) + 1$ and $v \in u$: our new goal is $u - \{v\} \in k + 1$.
We know because $u \in (k + 1) + 1$ that there are $p \in k + 1$ and $q \notin p$
such that $p \cup \{q\} = u$. We consider two cases: either v = q or
$v \neq q$. If v = q then $u - \{v\} = (p \cup \{q\}) - \{q\} = p$ (because $q \notin p$)
and we have $p \in k + 1$ so we have $u - \{v\} \in k + 1$. In the case where
$v \neq q$, we have $v \in p$, so $p - \{v\} \in k$ by the inductive hypothesis,
and $u - \{v\} = (p - \{v\}) \cup \{q\} \in k + 1$ because $p - \{v\} \in k$ and
$q \notin p - \{v\}$. In either case we have the desired goal so we are
done.

*Theorem: If Infinity is false, then Axiom 4 is false.

*Proof: If Infinity is false then V is a finite set, so $V \in n$ for some natural
number n. We would like to say then that $\{V\} = n$, so $n + 1 = \emptyset$ (there
is no way to add a new element to V), so $\emptyset \in \mathbb{N}$, and clearly $\emptyset + 1 = \emptyset$,
so $\{V\} + 1 = \emptyset + 1 = \emptyset$, but $\{V\} \neq \emptyset$, which gives a counterexample
to Axiom 4. This argument is not so much incorrect as incomplete:
how do we know that $V \in n$ excludes n having other elements? The
following common sense Lemma fixes this: we believe that a finite set
with n elements will not have any proper subsets with n elements...

Theorem (not using Infinity): If n is a natural number and $x, y \in n$ and
$x \subseteq y$ then x = y.

Proof: Let A be the set of natural numbers for which the theorem is true:
$A = \{n \in \mathbb{N} \mid (\forall xy.x \in n \wedge y \in n \wedge x \subseteq y \rightarrow x = y)\}$. Our strategy is
to show that A is inductive.

First Goal: $0 \in A$

Proof of First Goal: What we need to prove is that if $x \in 0$ and
$y \in 0$ and $x \subseteq y$ then x = y. Assume that $x \in 0$ and $y \in 0$ and
$x \subseteq y$. It follows that $x = \emptyset$ and $y = \emptyset$, so x = y. This completes
the proof. Note that the hypothesis $x \subseteq y$ did not need to be
used.

Second Goal: $(\forall k \in A.k + 1 \in A)$

Proof of Second Goal: Assume $k \in A$. This means that for all
$x, y \in k$, if $x \subseteq y$ then x = y. This is called the inductive
hypothesis.

Our goal is $k + 1 \in A$. This means that for all $u, v \in k + 1$, if
$u \subseteq v$ then u = v. Suppose that $u \in k + 1$, $v \in k + 1$, and $u \subseteq v$.
Our goal is now u = v. Because $u \in k + 1$, there are a and b
such that $u = a \cup \{b\}$, $a \in k$, and $b \notin a$. Because $u \subseteq v$ we have
$a = u - \{b\} \subseteq v - \{b\}$. $a \in k$ has been assumed and $v - \{b\} \in k$
by the previous theorem ($b \in v$ because $u \subseteq v$), so $a = v - \{b\}$ by
inductive hypothesis, so $u = a \cup \{b\} = (v - \{b\}) \cup \{b\} = v$.

Theorem (not using Infinity): If there is a natural number n such that
$V \in n$, we have $n = \{V\}$, $n + 1 = \emptyset \in \mathbb{N}$, and $n + 1 = \emptyset + 1$, though
$n \neq \emptyset$, a counterexample to Axiom 4.

Proof: If $V \in n \in \mathbb{N}$, then for any $x \in n$ we clearly have $x \subseteq V$ whence
x = V by the previous theorem, so $n = \{V\}$. That $\{V\} + 1 = \emptyset$ is
obvious from the definition of successor (we cannot add a new element
to V). It then clearly follows that $\emptyset$ is a natural number. $\emptyset + 1 = \emptyset$ is also
obvious from the definition of successor, so we get the counterexample
to Axiom 4.
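
The counterexample can be computed directly when the universe is finite. The following Python sketch is an added example, not part of the original text: it builds 0 = {∅} and the successor A + 1 over a constructed three-element universe, lists the failures of Axiom 4, and checks the two Infinity-free theorems above by brute force. The function names are assumptions of the example, and Python's `frozenset()` plays the role of the empty set in every type, the same pun the text describes.

```python
def successor(A, universe):
    """A + 1 = { x ∪ {y} | x ∈ A and y ∉ x }, with y ranging over the universe."""
    return frozenset(x | {y} for x in A for y in universe if y not in x)

def numerals(universe, count):
    """Return [0, 1, ..., count] where 0 = {∅} and each later entry is a successor."""
    out = [frozenset({frozenset()})]
    for _ in range(count):
        out.append(successor(out[-1], universe))
    return out

def removal_holds(A, universe):
    """First theorem: does x ∈ A + 1 and y ∈ x always give x − {y} ∈ A?"""
    return all(x - {y} in A for x in successor(A, universe) for y in x)

def no_proper_subsets(A):
    """Second theorem: for x, y ∈ A, does x ⊆ y force x = y?"""
    return all(x == y for x in A for y in A if x <= y)

def axiom4_counterexamples(universe, count):
    """Pairs (m, n), m < n < count, with m ≠ n as sets but m + 1 = n + 1."""
    nums = numerals(universe, count)
    return [(m, n) for m in range(count) for n in range(m + 1, count)
            if nums[m] != nums[n] and nums[m + 1] == nums[n + 1]]

if __name__ == "__main__":
    V = frozenset("abc")                      # constructed finite universe
    nums = numerals(V, 6)
    for i, n in enumerate(nums):
        print(i, sorted("".join(sorted(x)) for x in n))
    # 3 = {V}, so 3 + 1 = ∅ and ∅ + 1 = ∅: Axiom 4 fails at (3, 4)
    print("Axiom 4 fails for:", axiom4_counterexamples(V, 6))
    # both theorems hold for every numeral, with no appeal to Infinity
    print(all(removal_holds(n, V) and no_proper_subsets(n) for n in nums))
    # the text's A = {{0, 1}} is not a natural number, and removal fails for it
    A = frozenset({frozenset({0, 1})})
    print(removal_holds(A, frozenset({0, 1, 2})))
```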

Theorem (using Infinity): $(\forall mn \in \mathbb{N}.m + 1 = n + 1 \rightarrow m = n)$.

Proof: Suppose that m and n are natural numbers and m + 1 = n + 1.

We prove that m = n by showing that they have the same elements.

Let $a \in m$ be chosen arbitrarily: our aim is to show $a \in n$.

Choose $x \notin a$ (that there is such an x follows from the Axiom of
Infinity, which tells us that the finite set a (finite because it belongs
to a natural number) cannot be V). $a \cup \{x\} \in m + 1$. It follows that
$a \cup \{x\} \in n + 1$, since by hypothesis m + 1 = n + 1. It then follows
that $a = (a \cup \{x\}) - \{x\} \in n$ by the first in our sequence of theorems
here. This is the goal of the first part of the proof.

In the second part of the proof, we choose $a \in n$ arbitrarily and our
goal is to show $a \in m$. The proof is precisely the same as the previous
part with m and n interchanged.

So Axiom 4 of Peano arithmetic holds in our implementation. 

A familiar construction of finite objects is the construction of ordered
pairs.

*ordered pair: We define $\langle x, y \rangle$ as $\{\{x\}, \{x, y\}\}$. Note that the pair is two
types higher than its components x and y.

Theorem: For any x, y, z, w (all of the same type), $\langle x, y \rangle = \langle z, w \rangle$ iff x = z
and y = w.

Proof: This is left as an exercise.

*cartesian product: For any sets A and B, we define $A \times B$, the cartesian
product of A and B, as $\{\langle a, b \rangle \mid a \in A \wedge b \in B\}$. Notice that this is an
example of generalized set builder notation, and could also be written
as $\{c \mid (\exists ab.c = \langle a, b \rangle \wedge a \in A \wedge b \in B)\}$ (giving a promised example of
the generalized set builder notation definition).

The definitions above are starred because we will in fact not use these
common definitions. These definitions (due to Kuratowski) are usable in
typed set theory and have in fact been used, but they have a practical disadvantage:
the pair $\langle x, y \rangle$ is two types higher than its components x and
y.

We will instead introduce a new primitive notion and axiom. 

ordered pair: For any objects $x^n$ and $y^n$, we introduce primitive notation
$\langle x^n, y^n \rangle^n$ for the ordered pair of x and y and primitive notation $\pi_1(x^n)^n$
and $\pi_2(x^n)^n$ for the first and second projections of an object $x^n$ considered
as an ordered pair. As the notation suggests, the type of the pair
is the same as the types of its components x and y (which we call its
projections). In accordance with our usual practice, we will omit the
type indices most of the time, allowing them to be deduced from the
context.

Notice that the scope of the Axiom of Comprehension is expanded to 
cover statements including these notations. 

Axiom of the Ordered Pair: For any x, y, $\pi_1(\langle x, y \rangle) = x$ and $\pi_2(\langle x, y \rangle) = y$.
For any x, $x = \langle \pi_1(x), \pi_2(x) \rangle$.

Corollary: For any x, y, z, w, $\langle x, y \rangle = \langle z, w \rangle \leftrightarrow x = z \wedge y = w$. The
corollary is usually taken to be the defining property of the ordered
pair; our axiom has the additional consequence that all objects are
ordered pairs.

cartesian product: For any sets A and B, we define $A \times B$, the cartesian
product of A and B, as $\{\langle a, b \rangle \mid a \in A \wedge b \in B\}$. Notice that this is an
example of generalized set builder notation, and could also be written
as $\{c \mid (\exists ab.c = \langle a, b \rangle \wedge a \in A \wedge b \in B)\}$ (giving a promised example of
the generalized set builder notation definition).

We define $A^2$ as $A \times A$ and more generally define $A^{n+1}$ as $A \times A^n$ (this
definition of “cartesian powers” would not work if we were using the
Kuratowski pair, for reasons of type). Notice that these exponents can
be distinguished from type superscripts (when they are used) because
we do not use boldface.

A crucial advantage of a type-level pair in practice is that it allows a nice 
definition of n-tuples for every n: 

tuples: (xi, x 2 , ■ ■ ■ , x n ) = (xi, (x 2 , . . . , x n )) for n > 2. 

This would not type correctly if the Kuratowski pair were used, and an 
inelegant solution requiring the use of iterated singletons would be the best 
we could do along these lines. 

We show that the Axiom of Infinity follows from the Axiom of Ordered 
Pairs (so we strictly speaking do not need the Axiom of Infinity if we assume 
the Axiom of Ordered Pairs). 

Theorem: The Axiom of Ordered Pairs implies the Axiom of Infinity. 

Proof: We argue that if $A \in n \in \mathbb{N}$ then $A \times \{0\} \in n$. $\emptyset$ is the only element
of $0$ and $\emptyset \times \{0\} = \emptyset \in 0$. Suppose that $A \times \{0\} \in n$ for all $A \in n$.
Any element of $n + 1$ is of the form $A \cup \{x\}$ where $A \in n$ and $x \notin A$.
$(A \cup \{x\}) \times \{0\} = (A \times \{0\}) \cup \{(x, 0)\} \in n + 1$. The claim follows by
induction. Now suppose $V \in N \in \mathbb{N}$. It follows that $V \times \{0\} \in N$. But
certainly $V \times \{0\} \subseteq V$ so by a theorem about finite sets proved above,
$V = V \times \{0\}$, which is absurd.

3.5.1 Digression: The Quine Ordered Pair

We develop a more complex definition of an ordered pair $(x, y)$, due to Willard
v. O. Quine, which is of the same type as its components $x$ and $y$ and satisfies
the Axiom of Ordered Pairs above, but only works if strong extensionality is
assumed.

The definition of the Quine pair is quite elaborate. The basic idea is that
the Quine pair $(A, B)$ is a kind of tagged union of $A$ and $B$ (it is only defined
on sets of sets). Suppose that we can associate with each element $a$ of $A$ an
object $\mathtt{first}(a)$ from which $a$ can be recovered, and with each element $b$ of
$B$ an object $\mathtt{second}(b)$ from which $b$ can be recovered, and we can be sure
that $\mathtt{first}(a)$ and $\mathtt{second}(b)$ will be distinct from each other for any $a \in A$
and $b \in B$. The idea is that $(A, B)$ will be defined as

$\{\mathtt{first}(a) \mid a \in A\} \cup \{\mathtt{second}(b) \mid b \in B\}$.

For this to work we need the following things to be true for all objects $x$ and
$y$ of the type to which elements of $A$ and $B$ belong:

1. For any $x, y$, $\mathtt{first}(x) = \mathtt{first}(y) \to x = y$

2. For any $x, y$, $\mathtt{second}(x) = \mathtt{second}(y) \to x = y$

3. For any $x, y$, $\mathtt{first}(x) \neq \mathtt{second}(y)$

If these conditions hold, then we can recover $A$ and $B$ from $(A, B)$. An
element $x$ of $(A, B)$ will be of the form $\mathtt{first}(a)$ for some $a \in A$ or of
the form $\mathtt{second}(b)$ for some $b \in B$. It will be only one of these things,
because no $\mathtt{first}(x)$ is equal to any $\mathtt{second}(y)$. Moreover, if $x = \mathtt{first}(a)$,
there is only one $a$ for which this is true, and if $x = \mathtt{second}(b)$ there is
only one $b$ for which this is true. So $A = \{a \mid \mathtt{first}(a) \in (A, B)\}$ and
$B = \{b \mid \mathtt{second}(b) \in (A, B)\}$.

Thus if $(A, B) = (C, D)$ we have $A = \{a \mid \mathtt{first}(a) \in (A, B)\} = \{a \mid \mathtt{first}(a) \in (C, D)\} = C$
and similarly $B = D$.

The details of the definitions of the needed first and second operators
follow. They will actually be called $\sigma_1$ and $\sigma_2$.

Definition: For each $n \in \mathbb{N}$ we define $\sigma(n)$ as $n + 1$ and for each $x \notin \mathbb{N}$ we
define $\sigma(x)$ as $x$. Note that $\sigma(x)$ is of the same type as $x$.

Observation: For any $x, y$, if $\sigma(x) = \sigma(y)$ then $x = y$. If $x$ and $y$ are not
natural numbers then this is obvious. If $x$ is a natural number and $y$ is
not, then $\sigma(x)$ is a natural number and $\sigma(y)$ is not, so the hypothesis
cannot be true. If $x$ and $y$ are natural numbers the statement to be
proved is true by axiom 4.

Definition: We define $\sigma_1(x)$ as $\{\sigma(y) \mid y \in x\}$. We define $\sigma_2(x)$ as $\sigma_1(x) \cup \{0\}$.
We define $\sigma_3(x)$ as $\{y \mid \sigma(y) \in x\}$. Note that all of these operations
preserve type.

Observation: $\sigma_3(\sigma_1(x)) = x$, so if $\sigma_1(x) = \sigma_1(y)$ we have $x = \sigma_3(\sigma_1(x)) = \sigma_3(\sigma_1(y)) = y$;
$\sigma_3(\sigma_2(x)) = x$, so similarly if $\sigma_2(x) = \sigma_2(y)$ we have
$x = y$; $\sigma_1(x) \neq \sigma_2(y)$, because $0 \notin \sigma_1(x)$ and $0 \in \sigma_2(y)$. This shows
that the $\sigma_1$ and $\sigma_2$ operations have the correct properties to play the
roles of first and second in the abstract discussion above.

Definition: We define $\sigma_1\text{“}(x)$ as $\{\sigma_1(y) \mid y \in x\}$, $\sigma_2\text{“}(x)$ as $\{\sigma_2(y) \mid y \in x\}$
and $\sigma_3\text{“}(x)$ as $\{\sigma_3(y) \mid y \in x\}$.

Definition: We define $(x, y)$ as $\sigma_1\text{“}(x) \cup \sigma_2\text{“}(y)$. Note that the pair is of the
same type as its components.

Theorem: For each set $x$ there are unique sets $\pi_1(x)$ and $\pi_2(x)$ such that
$(\pi_1(x), \pi_2(x)) = x$. An immediate corollary is that for any $x, y, z, w$
(all of the same type), $(x, y) = (z, w)$ iff $x = z$ and $y = w$.

Proof: $\pi_1(x) = \sigma_3\text{“}(\{y \in x \mid 0 \notin y\})$; $\pi_2(x) = \sigma_3\text{“}(\{y \in x \mid 0 \in y\})$
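
The definitions of the Quine pair and its projections can be run on finite data. The following Python sketch is an added example, not part of the original notes. It assumes that Python ints stand in for the natural numbers, strings stand in for objects that are not natural numbers, and frozensets stand in for sets; the names S, is_nat, pair, pi1, pi2 and the sample sets are chosen here.

```python
"""Quine pair on finite sets of sets, modelled with frozensets (added example)."""


def S(*items):
    """Build a hashable finite set from its elements."""
    return frozenset(items)


def is_nat(o):
    # Modelling assumption: ints play the role of natural numbers,
    # every other hashable value (strings here) is a non-number.
    return isinstance(o, int) and not isinstance(o, bool)


def sigma(o):
    """sigma(n) = n + 1 for a natural number n, sigma(x) = x otherwise."""
    return o + 1 if is_nat(o) else o


def sigma1(s):
    """{sigma(y) | y in s}; never contains 0."""
    return frozenset(sigma(y) for y in s)


def sigma2(s):
    """sigma1(s) with the tag 0 added."""
    return sigma1(s) | {0}


def sigma3(s):
    """{y | sigma(y) in s}: 0 has no preimage, n + 1 comes from n,
    and a non-number comes from itself."""
    return frozenset(
        (e - 1 if is_nat(e) else e)
        for e in s
        if not (is_nat(e) and e == 0)
    )


def pair(x, y):
    """Quine pair: the sigma1-image of x united with the sigma2-image of y."""
    return frozenset(sigma1(a) for a in x) | frozenset(sigma2(b) for b in y)


def pi1(p):
    """First projection: undo sigma1 on the elements that do not contain 0."""
    return frozenset(sigma3(e) for e in p if 0 not in e)


def pi2(p):
    """Second projection: undo sigma2 on the elements that contain 0."""
    return frozenset(sigma3(e) for e in p if 0 in e)


def satisfies_pair_axiom(x, y, p):
    """Check both halves of the Axiom of the Ordered Pair on concrete data:
    the projections of pair(x, y) are x and y, and the set of sets p is
    itself the pair of its own projections."""
    q = pair(x, y)
    return pi1(q) == x and pi2(q) == y and pair(pi1(p), pi2(p)) == p


# Constructed sample data (not taken from the exercises).
X = S(S(0, "a"), S(1, 2))
Y = S(S(), S(0))
P = S(S(0, 5), S("b"), S(7))  # an arbitrary set of sets, read as a pair

if __name__ == "__main__":
    show = lambda s: sorted(sorted(map(repr, e)) for e in s)
    print("pair(X, Y) =", show(pair(X, Y)))
    print("pi1(P)     =", show(pi1(P)))
    print("pi2(P)     =", show(pi2(P)))
    print("axiom holds:", satisfies_pair_axiom(X, Y, P))
```

The last check illustrates the remark that every object (here, every set of sets) is an ordered pair: P was not built with pair, yet it equals the pair of its projections.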

The Quine pair is defined only at type 4 and above; this is not a problem 
for us because we can do all our mathematical work in as high a type as we 
need to: notice that the natural numbers we have defined are present in each 
type above type 2; all mathematical constructions we present will be possible 
to carry out in any sufficiently high type. 

In the theory with weak extensionality, the Quine pair is defined only on 
sets of sets (elements of $\mathcal{P}^2(V)$) in types 4 and above, but it does satisfy the
Axiom of Ordered Pairs on this restricted domain. We could in principle use
the Quine pair instead of introducing a primitive pair, if we were willing to
restrict relations and functions to domains consisting of sets of sets. This isn’t
as bad as it seems because all objects of mathematical interest are actually
sets of sets. NOTE: Adam would like examples.

We will not do this (our primitive pair acts on all objects), but we can
use the Quine pair on sets of sets to justify our introduction of the primitive
pair: if we cut down our universe to the sets of sets in types 4 and above,
and use the relation $x \in' y$ defined as $x \in y \wedge y \in \mathcal{P}^3(V)$ as our new
membership relation (allowing only sets of sets of sets to be sets in the
restricted world) it is straightforward to verify that our axioms will hold
with the new membership relation and the Quine pair in the old world (with
its associated projection functions) will still be a pair and projections in the
new world satisfying the Axiom of Ordered Pairs. We can do even better.
If we replace the natural numbers $n$ in the definition of the Quine pair in
the old world with $n \cap \mathcal{P}^2(V)$, the pair in the new world will turn out to
coincide with the new world’s Quine pair on sets of sets (because the objects
$n \cap \mathcal{P}^2(V)$ are the natural numbers in the new world), and further all pairs
of sets will be sets.

What we have just given is a sketch of what is called a relative consistency 
proof. Given a model of our type theory with the Axiom of Infinity, we show 
how to get a model of our type theory with the Axiom of Ordered Pairs (but 
not quite the same model). 

Something important is going on here: we are forcibly reminded here 
that we are implementing already familiar mathematical concepts, not re- 
vealing what they “really are”. Each implementation has advantages and 
disadvantages. Here, the Kuratowski pair has the advantage of simplicity 
and independence of use of the Axiom of Infinity, while the Quine pair (or 
the primitive pair we have to introduce because we allow non-sets) has the 
technical advantage, which will be seen later to be overwhelming, that it is 
type level. Neither is the true ordered pair; the ordered pair notion prior to 
implementation is not any particular sort of object: its essence is perhaps 
expressed in the theorem that equal ordered pairs have equal components. 
The internal details of the implementation will not matter much in the se- 
quel: what will do the mathematical work is the fact that the pair exactly 
determines its two components.

3.5.2 Exercises


1. Write a definition of the natural number 2 in the form $\{x \mid \phi[x]\}$ where
$\phi$ is a formula containing only variables, logical symbols, equality and
membership. Hint: the formula $\phi[x]$ needs to express the idea that $x$
has exactly two elements in completely logical terms. How would you
say that $x$ has at least two elements? How would you say that $x$ has
at most two elements?

A definition of 1 in this style is

$\{x \mid (\exists y.\, y \in x) \wedge (\forall uv.\, u \in x \wedge v \in x \to u = v)\}$.

Another definition of 1 is

$\{x \mid (\exists y.\, y \in x \wedge (\forall z.\, z \in x \to z = y))\}$.

Notice the different structure of the scopes of the quantifiers in the two 
definitions. 

2. The usual definition of the ordered pair used in untyped set theory (due
to Kuratowski) is

$(x, y) =_{\mathrm{def}} \{\{x\}, \{x, y\}\}$.

We will not use this as our definition of ordered pair because it has the
inconvenient feature that the pair is two types higher than its projections.
What we can do (as an exercise in thinking about sets) is prove
the following basic Theorem about this pair definition:

$(x, y) = (z, w) \to x = z \wedge y = w$

This is your exercise. There are various ways to approach it: one often
finds it necessary to reason by cases. If you have seen a proof of this,
don’t go look it up: write your own.

3. Prove the theorem $(\forall xyz.\, \{x, z\} = \{y, z\} \to x = y)$ from the axioms
of type theory, the definition of unordered pairs $\{u, v\}$, logic and the
properties of equality. Remember that distinct letters do not necessarily
represent distinct objects.

This could be used to give a very efficient solution to the previous
exercise.

4. Prove that the set $\mathbb{N}^{k+3}$ (the set of natural numbers in type $k+3$)
is inductive. You don’t need to specify types on every variable (or 
constant) every time it occurs, but you might want to state the type 
of each object mentioned in the proof the first time it appears. 

This proof is among other things an exercise in the careful reading of 
definitions. 

5. Prove the following statement using the Peano axioms in the form 
stated in the current section: $(\forall n \in \mathbb{N}.\, n = 0 \vee (\exists m.\, m + 1 = n))$.
You will need to use mathematical induction (in the set based form in- 
troduced above), but there is something very odd (indeed rather funny) 
about this inductive proof. 

Why is the object m unique in case it exists? (This is a throwaway 
corollary of the main theorem: it does not require an additional induc- 
tion argument). 

6. You are given that n > 0 is a natural number and a, b are not natural 
numbers. 

Compute the Quine pairs (x, y) and (y, x) where x = {{0, 3}, {2}, {0, 6}}
and y = {{1,2}, {n,a}} 

Given that (u, v) = {{0, 2, 4}, {a, b, 2}, {0}, {1}, {a, n}}, what are the 
sets u and v? 

7. Prove that the following are pair definitions (that is, show that they 
satisfy the defining theorem of ordered pairs). 

The Wiener pair: This is the first ordered pair definition in terms of 
set theory ever given. 

$(x, y) =_{\mathrm{def}} \{\{\{x\}\}, \{\{y\}, \emptyset\}\}$.

A pair that raises type by one: This is due to the author. Define
$[x, a, b]$ as $\{\{x', a, b\} \mid x' \in x\}$. Define $(x, y)$ as
$[x, 0, 1] \cup [x, 2, 3] \cup [y, 4, 5] \cup [y, 6, 7]$,
where $0, 1, 2, 3, 4, 5, 6, 7$ can be any eight distinct
objects. This only serves to construct pairs of sets, like the Quine
pair.

8. We define an initial segment of the natural numbers as a set $S$ of natural
numbers which has the property that for all natural numbers $m$, if
$m + 1 \in S$ then $m \in S$.

Does an initial segment of the natural numbers need to contain all 
natural numbers? Explain why, or why not (with an example). 

Prove that any nonempty initial segment of the natural numbers in- 
cludes 0. 

How do we prove anything about natural numbers? 

9. Find sets $A$ and $B$ such that $A + 1 = B + 1$ but $A \neq B$. I found an
example that isn’t too hard to describe where $A + 1 = B + 1 = 3$ (or
any large enough natural number; nothing special about 3). There are
other classes of examples. This shows that Axiom 4 is true of natural
numbers but not of sets in general.

We give some solutions.


2. We repeat the definition

$(x, y) =_{\mathrm{def}} \{\{x\}, \{x, y\}\}$

of the Kuratowski pair. Our goal is to prove

$(\forall xyzw.\, (x, y) = (z, w) \to x = z \wedge y = w)$.

We let $x, y, z, w$ be arbitrarily chosen objects. Assume that $(x, y) = (z, w)$:
our new goal is $x = z \wedge y = w$. Unpacking definitions tells us
that we have assumed $\{\{x\}, \{x, y\}\} = \{\{z\},$

We have two things to prove (since our goal is a conjunction). Note
that these are not separate cases: the result proved as the first subgoal
can (and will) be used in the proof of the second.

Goal 1: $x = z$

Proof of Goal 1: Because $\{\{x\}, \{x, y\}\} = \{\{z\}, \{z, w\}\}$, we have either
$\{x\} = \{z\}$ or $\{x\} = \{z, w\}$. This allows us to set up a proof
by cases.

Case 1a: We assume $\{x\} = \{z\}$. Certainly $x \in \{x\}$; thus by
substitution $x \in \{z\}$, thus by definition of $\{z\}$ (and by
comprehension) we have $x = z$.

Case 1b: We assume $\{x\} = \{z, w\}$. Certainly $z \in \{z, w\}$ (by
definition of $\{z, w\}$ and comprehension). Thus $z \in \{x\}$, by
substitution of equals for equals. Thus $z = x$, so $x = z$.

Conclusion: In both cases $x = z$ is proved, so Goal 1 is proved.

Goal 2: $y = w$

Proof of Goal 2: Note that we can use the result $x = z$ proved above
in this subproof.

Because $\{\{x\}, \{x, y\}\} = \{\{z\}, \{z, w\}\}$ we have either $\{x\} = \{z, w\}$
or $\{x, y\} = \{z, w\}$. This allows us to set up an argument by cases.

Case 2a: Assume $\{x\} = \{z, w\}$. Since $z \in \{z, w\}$ and $w \in \{z, w\}$,
we have $z \in \{x\}$ and $w \in \{x\}$ by substitution, whence
we have $x = z = w$. This implies that $\{z\} = \{z, w\}$, so
$\{\{z\}, \{z, w\}\} = \{\{z\}\}$. Now we have $\{\{x\}, \{x, y\}\} = \{\{z\}\}$
by substitution into our original assumption, whence $\{x, y\} = \{z\}$,
whence $x = y = z$ (the proofs of these last two statements
are exactly parallel to things already proved), so $y = w$
as desired, since we also have $x = z = w$.

Case 2b: Assume $\{x, y\} = \{z, w\}$. Suppose $y \neq w$ for the sake of
a contradiction. Since $y \in \{x, y\}$, we have $y \in \{z, w\}$, whence
$y = z$ or $y = w$. Since $y \neq w$, we have $y = z$. Since $w \in \{x, y\}$
we have $w = x$ or $w = y$. Since $w \neq y$, we have $w = x$.
Now we have $y = z = x = w$, so $y = w$, giving the desired
contradiction, and completing the proof that $y = w$.

Conclusion: Since $y = w$ can be deduced in both cases, it can be
deduced from our original assumption, completing the proof
of Goal 2 and of the entire theorem.

5. Our goal is $(\forall n \in \mathbb{N}.\, n = 0 \vee (\exists m.\, m + 1 = n))$.

Define $A$ as the set $\{n \in \mathbb{N} \mid n = 0 \vee (\exists m \in \mathbb{N}.\, m + 1 = n)\}$.

Our goal is to prove that $A$ is inductive, from which it will follow that
$\mathbb{N} \subseteq A$, from which the theorem follows.

Basis Step: $0 \in A$

Proof of Basis Step: $0 \in A \leftrightarrow (0 = 0 \vee (\exists m \in \mathbb{N}.\, m + 1 = 0))$, and
$0 = 0$ is obviously true.

Induction Step: $(\forall k \in \mathbb{N}.\, k \in A \to k + 1 \in A)$.

Proof of Induction Step: Let $k$ be an arbitrarily chosen natural number.
Assume $k \in A$. Our goal is to prove $k + 1 \in A$, that is,
$k + 1 = 0 \vee (\exists m \in \mathbb{N}.\, m + 1 = k + 1)$. We prove this by observing that
$k \in \mathbb{N}$ and $k + 1 = k + 1$, which witnesses $(\exists m \in \mathbb{N}.\, m + 1 = k + 1)$.
Notice that the inductive hypothesis $k \in A$ was never used at all:
there is no need to expand it.

8. We define an initial segment of the natural numbers as a set $S$ of natural
numbers which has the property that for all natural numbers $m$, if
$m + 1 \in S$ then $m \in S$.

Does an initial segment of the natural numbers need to contain all
natural numbers? Explain why, or why not (with an example).

Solution: No. The empty set is an initial segment, since the hypothesis
$m + 1 \in S$ is false for every $m$ if $S = \emptyset$, making $m + 1 \in S \to m \in S$
vacuously true. A nonempty initial segment not equal to $\mathbb{N}$ is
for example $\{0, 1\}$: the implication can be checked for $m = 0$ and is
vacuously true for all other values of $m$.

Prove that any nonempty initial segment of the natural numbers includes 0.

Solution: Let $S$ be a nonempty initial segment of the natural numbers.
Our goal is to show $0 \in S$. Since $S$ is nonempty, we can find $m \in S$. If
we could show $(\forall n \in \mathbb{N}.\, n \in S \to 0 \in S)$, we would have $m \in S \to 0 \in S$
and $0 \in S$ by modus ponens.

We prove the lemma $(\forall n \in \mathbb{N}.\, n \in S \to 0 \in S)$ by mathematical
induction. Let $A = \{n \in \mathbb{N} \mid n \in S \to 0 \in S\}$. We show that $A$ is
inductive.

Basis Step: $0 \in S \to 0 \in S$ is the goal. This is obvious.

Induction Step: Let $k$ be an arbitrarily chosen natural number. Suppose
$k \in A$. Our goal is $k + 1 \in A$. $k \in A$ means $k \in S \to 0 \in S$.
We have $k + 1 \in S \to k \in S$ because $S$ is an initial segment. From
these two implications $k + 1 \in S \to 0 \in S$ follows, completing the
proof of the induction step and the lemma.

3.6 Relations and Functions

If $A$ and $B$ are sets, we define a relation from $A$ to $B$ as a subset of $A \times B$.
A relation in general is simply a set of ordered pairs.

If $R$ is a relation from $A$ to $B$, we define $x\,R\,y$ as $(x, y) \in R$. This notation
should be viewed with care. Note here that $x$ and $y$ must be of the same type,
while $R$ is one type higher than $x$ or $y$ (that would be three types higher if
we used the Kuratowski pair). In the superficially similar notation $x \in y$, $y$
is one type higher than $x$ and $\in$ does not denote a set at all: do not confuse
logical relations with set relations. In some cases they can be conflated: the
notation $x \subseteq y$ can be used to motivate a definition of $\subseteq$ as a set relation
($[\subseteq] = \{(x, y) \mid x \subseteq y\}$), though we do not originally understand $x \subseteq y$ as
saying anything about a set of ordered pairs.

If $R$ is a relation, we define $\mathrm{dom}(R)$, the domain of $R$, as $\{x \mid (\exists y.\, x\,R\,y)\}$.
We define $R^{-1}$, the inverse of $R$, as $\{(x, y) \mid y\,R\,x\}$. We define $\mathrm{rng}(R)$, the
range of $R$, as $\mathrm{dom}(R^{-1})$. We define $\mathrm{fld}(R)$, the field of $R$, as the union
of $\mathrm{dom}(R)$ and $\mathrm{rng}(R)$. If $R$ is a relation from $A$ to $B$ and $S$ is a relation
from $B$ to $C$, we define $R|S$, the relative product of $R$ and $S$, as
$\{(x, z) \mid (\exists y.\, x\,R\,y \wedge y\,S\,z)\}$.

The symbol $[=]$ is used to denote the equality relation $\{(x, x) \mid x \in V\}$.
Similarly $[\subseteq]$ can be used as a name for the subset relation (as we did above),
and so forth: the brackets convert a grammatical “transitive verb” to a noun.

We define special characteristics of relations.

reflexive: $R$ is reflexive iff $x\,R\,x$ for all $x \in \mathrm{fld}(R)$.

symmetric: $R$ is symmetric iff for all $x$ and $y$, $x\,R\,y \leftrightarrow y\,R\,x$.

antisymmetric: $R$ is antisymmetric iff for all $x, y$ if $x\,R\,y$ and $y\,R\,x$ then
$x = y$.

asymmetric: $R$ is asymmetric iff for all $x, y$ if $x\,R\,y$ then $\neg\, y\,R\,x$. Note that
this immediately implies $\neg\, x\,R\,x$.

transitive: $R$ is transitive iff for all $x, y, z$ if $x\,R\,y$ and $y\,R\,z$ then $x\,R\,z$.

equivalence relation: A relation is an equivalence relation iff it is reflexive, 
symmetric, and transitive. 

partial order: A relation is a partial order iff it is reflexive, antisymmetric,
and transitive.

strict partial order: A relation is a strict partial order iff it is asymmetric
and transitive. Given a partial order $R$, $R - [=]$ will be a strict partial
order. From a strict partial order $R - [=]$, the partial order $R$ can be
recovered if it has no “isolated points” (elements of its field related only
to themselves).

linear order: A partial order $R$ is a linear order iff for any $x, y \in \mathrm{fld}(R)$,
either $x\,R\,y$ or $y\,R\,x$. Note that a linear order is precisely determined
by the corresponding strict partial order if its domain has two or more
elements.

strict linear order: A strict partial order $R$ is a strict linear order iff for
any $x, y \in \mathrm{fld}(R)$, one has $x\,R\,y$, $y\,R\,x$ or $x = y$. If $R$ is a linear order,
$R - [=]$ is a strict linear order.

image: For any set $A \subseteq \mathrm{fld}(R)$, $R\text{“}A = \{b \mid (\exists a \in A.\, a\,R\,b)\}$.

extensional: A relation $R$ is said to be extensional iff for any $x, y \in \mathrm{fld}(R)$,
$R^{-1}\text{“}(\{x\}) = R^{-1}\text{“}(\{y\}) \to x = y$: elements of the field of $R$ with the
same preimage under $R$ are equal. An extensional relation supports a
representation of some of the subsets of its field by the elements of its
field.

well-founded: A relation $R$ is well-founded iff for each nonempty subset $A$
of $\mathrm{fld}(R)$ there is $a \in A$ such that for no $b \in A$ do we have $b\,R\,a$ (we
call this a minimal element of $A$ with respect to $R$, though note that
$R$ is not necessarily an order relation).

well-ordering: A linear order $R$ is a well-ordering iff the corresponding
strict partial order $R - [=]$ is well-founded.

strict well-ordering: A strict linear order $R$ is a strict well-ordering iff it
is well-founded.

end extension: A relation $S$ end extends a relation $R$ iff $R \subseteq S$ and for any
$x \in \mathrm{fld}(R)$, $= S^{-1}\text{“}\{x\}$. (This is a nonstandard adaptation
of a piece of terminology from model theory).

function: $f$ is a function from $A$ to $B$ (written $f : A \to B$) iff $f$ is a relation
from $A$ to $B$ and for all $x, y, z$, if $x\,f\,y$ and $x\,f\,z$ then $y = z$. For each
$x \in \mathrm{dom}(f)$, we define $f(x)$ as the unique $y$ such that $x\,f\,y$ (this exists
because $x$ is in the domain and is unique because $f$ is a function). The
notation $f[A]$ is common for the image $f\text{“}A$.

warning about function notation: Notations like $\mathcal{P}(x)$ for the power set
of $x$ should not be misconstrued as examples of the function value notation
$f(x)$. There is no function $\mathcal{P}$ because $\mathcal{P}(x)$ is one type higher
than $x$. We have considered using the notation $F\text{‘}x$ (this was Russell’s
original notation for function values) for defined operators in general
and restricting the notation $f(x)$ to the case where $f$ is actually a set
function. If we did this we would exclude (for example) the notation
$\mathcal{P}(x)$ in favor of $\mathcal{P}\text{‘}x$ (or $\mathcal{P}\text{‘}(t)$ for complex terms $t$ that require
parentheses). If we used the Russell notation in this way we would also write
$\bigcup\text{‘}x$, $\bigcap\text{‘}x$ because these operations also shift type. We would then
prefer the use of $f[A]$ to the use of $f\text{“}A$ for images under functions. But
we have not adopted such a convention here.

injection: A function $f$ is an injection (or one-to-one) iff $f^{-1}$ is a function.

surjection: A function $f$ is a surjection from $A$ to $B$ or a function from $A$
onto $B$ iff it is a function from $A$ to $B$ and $f\text{“}A = B$.

bijection: A function $f$ is a bijection from $A$ to $B$ iff it is an injection and
also a surjection from $A$ to $B$.

composition and restriction: If $f$ is a function and $A$ is a set (usually a
subset of $\mathrm{dom}(f)$), define $f \lceil A$ as $f \cap (A \times V)$ (the restriction of $f$ to
the set $A$). If $f$ and $g$ are functions and $\mathrm{rng}(g) \subseteq \mathrm{dom}(f)$, define $f \circ g$
as $g|f$. This is called the composition of $f$ and $g$. Because the order of
composition is unnatural, we will often write compositions as relative
products.

identity function: Note that $[=]$ is a function. We call it the identity function,
and we call $[=] \lceil A$ the identity function on $A$, where $A$ is any
set.

abstraction: If $T[x]$ is a term (usually involving $x$) define $(x : A \mapsto T[x])$
or $(\lambda x : A.\, T[x])$ as $\{(x, T[x]) \mid x \in A\}$. The explicit mention of the set
$A$ may be omitted when it is $V$ or when it is understood from the form
of the term $T[x]$.
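
Several of these definitions can be checked directly on finite relations. The following Python sketch is an added example, not part of the original notes. It assumes that a relation is a Python set of 2-tuples; the function names and the sample relations F, G, H and LESS are chosen here. It follows the conventions of this section: the relative product R|S applies R first, f o g is defined as g|f, and a function is an injection iff its inverse is a function.

```python
"""Finite relations as sets of pairs, following the section's conventions."""
from itertools import combinations


def dom(R):
    return {x for x, _ in R}


def inverse(R):
    return {(y, x) for x, y in R}


def rng(R):
    # The range is defined as the domain of the inverse.
    return dom(inverse(R))


def fld(R):
    return dom(R) | rng(R)


def rel_product(R, S):
    """R|S = {(x, z) | exists y. x R y and y S z}: R is applied first."""
    return {(x, z) for x, y in R for y2, z in S if y == y2}


def image(R, A):
    """The image of A under R: {b | exists a in A. a R b}."""
    return {b for a, b in R if a in A}


def is_function(f):
    """x f y and x f z imply y = z."""
    return all(y == z for x, y in f for x2, z in f if x == x2)


def is_injection(f):
    """A function is an injection iff its inverse is a function."""
    return is_function(f) and is_function(inverse(f))


def compose(f, g):
    """f o g is defined as the relative product g|f (g is applied first)."""
    return rel_product(g, f)


def restrict(f, A):
    """The restriction of f to A: f intersected with A x V."""
    return {(x, y) for x, y in f if x in A}


def is_well_founded(R):
    """Every nonempty subset A of fld(R) has some a in A with no b in A
    such that b R a. Checked by brute force, so only for small relations."""
    field = sorted(fld(R), key=repr)
    for k in range(1, len(field) + 1):
        for A in combinations(field, k):
            if not any(all((b, a) not in R for b in A) for a in A):
                return False
    return True


# Constructed sample relations.
G = {(0, 1), (5, 2)}
F = {(1, "a"), (2, "b")}
H = {(1, "a"), (2, "a")}          # a function that is not an injection
LESS = {(0, 1), (1, 2), (0, 2)}   # strict order on {0, 1, 2}

if __name__ == "__main__":
    print("F o G =", sorted(compose(F, G)))
    print("F|G   =", sorted(rel_product(F, G)))
    print("H injective:", is_injection(H))
    print("LESS well-founded:", is_well_founded(LESS))
    print("with a cycle:", is_well_founded(LESS | {(2, 0)}))
```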
3.6.1 Exercises


1. I give alternative definitions of injection and surjection from $A$ to $B$.

A function $f$ is an injection from $A$ to $B$ iff it is a function from $A$ to
$B$ and for all $x, y \in A$, $f(x) = f(y) \to x = y$.

A function $f$ is a surjection from $A$ to $B$ iff it is a function from $A$ to
$B$ and for all $y \in B$, there exists $x \in A$ such that $f(x) = y$.

Verify that each of these definitions is equivalent to the original one.

2. Prove that if $f$ is an injection from $A$ to $B$ and $g$ is an injection from
$B$ to $C$, then $g \circ f$ is an injection from $A$ to $C$. ($g \circ f$ may be supposed
defined by the equation $(g \circ f)(x) = g(f(x))$.)

Prove that if $f$ is a surjection from $A$ to $B$ and $g$ is a surjection from
$B$ to $C$, then $g \circ f$ is a surjection from $A$ to $C$.

Use the alternative definitions of “injection” and “surjection” given in 
the previous problem and proof strategy as described in section 2. 

Comment: of course this shows compositions of bijections are bijec- 
tions, which will be useful. 





3.7 The logic of subjects and predicates, or second-order logic (can be skipped)

This section is at a higher philosophical level than the preceding. It originally 
appeared at the end of the Proof section, as it is about an extension of our 
logic, but the level of mathematical sophistication seems to require a prior 
treatment of ordered pairs and relations, so we have moved it here. In any 
case, neither this nor the following section is an essential part of our main
development. 

At the bottom, the subject of logic ought to be completely general: we
ought to be able to talk about the entire universe. So we declare that the
domain over which the variable $x$ varies in $(\forall x.\, P[x])$ is simply the domain
of all things, whatever things there are.

One might look at a unary sentence $P(x)$ or an atomic sentence $x\,R\,y$ and
think that two (respectively three) objects are being discussed: the objects
$x$ [resp. $x$ and $y$] and the predicate $P$ [resp. $R$].

We are going to analyze this impression. First of all, we simplify matters
by reading every unary sentence $P(x)$ as actually having the underlying form
$x\,P\,x$, so that all predicates are of the same sort (binary relations). Secondly,
we consider the difference between sentences $A[x, y]$ and the atomic predicates
$R$ that we are given. If our sentences $A[x, y]$ are meaningful they too
must express relations, so we give names $\{x \to y : A[x, y]\}$ for such relations.
The rule for using this construction is that $a\,\{x \to y : A[x, y]\}\,b$ is to mean
$A[a, b]$.

We allow predicate variables and quantification over the realm of predicates
(= binary relations). For any sentence $P[R]$ in which a relation symbol
$R$ appears, we allow the formation of sentences $(\forall R.\, P[R])$ and $(\exists R.\, P[R])$.
The rules for manipulating these relation quantifiers are exactly the same as
for manipulating the quantifiers over objects.

We state firmly that we are not admitting a new sort of object (relations) 
over which these variables range. The objects over which the variables x 
range are all the objects, and it can be proved that there can be no identifi- 
cation of the relations with a subset of our usual objects. 

We add a further abbreviation $\{x \mid$ for $\{x \to y : x = y \wedge R[x]\}$.

This ties in with our abbreviation of R(x) as xRx (the change from brackets 
to parentheses here is principled!) 

Suppose that the relations $R$ are to be identified with some objects. We
can preserve the grammatical distinction by writing $\mathtt{object}(R)$ for the object
to be identified with $R$. Now consider $\mathcal{R}$, a specific relation defined as
$\{x \mid (\exists X.\, x = \mathtt{object}(X) \wedge \neg X(x))\}$. $\mathcal{R}(\mathtt{object}(\mathcal{R}))$ is then equivalent to
$(\exists X.\, \mathtt{object}(\mathcal{R}) = \mathtt{object}(X) \wedge \neg X(\mathtt{object}(\mathcal{R})))$, which is clearly equivalent
to $\neg\mathcal{R}(\mathtt{object}(\mathcal{R}))$. This is impossible. So relations in general cannot
be objects.

We stand by our stricture that the domain of our object variables is
the entire universe of objects, so we do not allow relation variables to be
regarded as denoting objects. Nonetheless, we do not regard it as senseless
to say that something is true of all predicates. For example,
$R(0) \wedge (\forall x.\, R(x) \to R(x + 1))$ expresses the idea that a relation $R$ is inductive, and
$(\forall R.\, (R(0) \wedge (\forall x.\, R(x) \to R(x + 1))) \to R(3))$ is simply a true statement
(3 has all inductive properties).

We resist certain extensions of this logical framework (which is usually 
called “second-order logic”). 

The first extension we resist is the extension to ternary and higher arity 
relations. We avoid the necessity to do this by making an assumption about 
the world: 

$(\exists \Pi_1.(\exists \Pi_2.(\forall xy.(\exists! z.\, x\,\Pi_1\,z \wedge y\,\Pi_2\,z)) \wedge (\forall z.(\exists! x.\, x\,\Pi_1\,z) \wedge (\exists! y.\, y\,\Pi_2\,z))))$

This asserts the existence of a pairing construction on the universe by
asserting the existence of its projection relations. The unique object $z$ such
that $x\,\Pi_1\,z$ and $y\,\Pi_2\,z$ whose existence is declared can be called $(x, y)$, the
ordered pair of $x$ and $y$, and a ternary relation $B(x, y, z)$ can be taken as
really meaning $x\,B\,(y, z)$ (with similar magic dispelling relations of all higher
arities).

The second extension, which is much harder to resist, is the temptation 
to proceed to logic of third and higher orders. 

Formally speaking, to pass to third order logic is to proceed to allow
names for objects $\{R \to S : P[R, S]\}$ representing binary relations on relations
$R$ and $S$, and then to admit quantifiers over these, and so forth. Other
more complex classes of relations and predicates can be imagined.

We can express all consequences of such a move in logic of second order
alone. The idea is to specify a domain $D_0$ to which we restrict the object
variables of our original language, then introduce a domain $D_1$ and a relation
$E$ which satisfies $(\forall R.(\exists r \in D_1.(\forall xy \in D_0.\, x\,R\,y \leftrightarrow (x, y)\,E\,r)))$. The objects
in $D_0$ will be the genuine objects; the objects in $D_1$ will be (or include) our
relations; the true higher order relations will include the relations of third
order alluded to above and indeed all the further strange kinds of relation
you might want.

This can be done without enhancing our logic from “mere” second order
logic, and moreover, the picture given is false to our intentions. We insist 
that there are not two tiers of objects in our logic: the domain of the object 
variables is all objects. So while we can simulate a picture in which there are 
first order objects, second order objects which capture all relations on first 
order objects, and third order relations, this is actually not an enhancement 
of our world, but a (very interesting) suggestion of how there might be a lot 
of extra complexity in the objects. Note that we can iterate this to obtain 
fourth order logic, fifth order logic and so forth, and in fact our theory of 
types below will look remarkably like such an iteration. 

We are not tempted in the direction of third, fourth and higher order 
logic by thinking that the predicates represent a higher tier of objects: we 
know by the argument above that as we add more and more tiers of rela- 
tions of various orders the domain of objects we are talking about at the 
base must depart further and further from being all the objects. There is 
another subtler temptation, which is to introduce third, fourth and higher 
order logic not as a higher tier of objects but as a higher tier of . . . relations. 
For certainly relations have properties: “$R$ is symmetric” is a perfectly reasonable
abbreviation for $(\forall xy.\, x\,R\,y \leftrightarrow y\,R\,x)$. Our view is that we have not
succumbed to the siren lure of third order logic in this direction as long as we
only talk about specific properties, relations and operations on predicates.
As long as we introduce no variables ranging over predicates of predicates
(and woe betide us if we introduce quantifiers over predicates of predicates)
we have not advanced to the level of third-order logic.

3.8 Type theory in terms of second-order logic (can be skipped)

Here we give a brief account of what we are doing in the development of
our theory of types in terms of the framework of “second-order logic” briefly
introduced in the previous section.

We use x G U to abbreviate U (x) where x is an object and U is a predi- 
cate. 

We consider the assertion “U is a type” as meaning 
((Vary G U.(x,y) e U) A (3 V.(BE.(VS.(Bs G V.(Vx G U.S(x) GG x E s)))))) 

For U a type and V a predicate, we read (BE. (VS. (3s G V. (Vx G U.S(x ) GG 
x E s)))) as “V is a power domain for U”. This says that V contains codes 
for the restriction of every unary predicate to U (which makes V quite large). 

We assert as an axiom that any type has a power domain which is a type. 

Type 0 will be a predicate $U_0$; for each concrete natural number, type $U_{i+1}$
will be a power domain over type with membership relation $E_i$ (which as
we will see is not the internal membership relation of the type theory).

$x \in_0 y$, where $x$ is type $i$ and $y$ is type $i + 1$, is to be read $x \mathrel{E_i} y$. $x \sim y$
is to be read $x = y$ if $x$ and $y$ are of type 0. Otherwise it is to be read
$(\forall z.\, z \in_0 x \leftrightarrow z \in_0 y)$. $x \in y$ is to be read $x \in_0 y$ if $x$ is of type 0, and
otherwise $x \in_0 y \wedge (\forall uv.\, u \sim v \to u \in_0 y \leftrightarrow v \in_0 y)$.

The relations $\in$ and $\sim$ in each type can be taken to implement our
membership and equality relations for type theory.

A reader of our first little section about second-order logic should no- 
tice that our construction of type theory amounts to iterating the passage to 
third-order logic which we deprecated, repeatedly. Here we are using this ma- 
chinery to implement additional complexity in the domain of objects, which 
we remarked was a sound reason to be interested in this kind of structure. 

It should be noted that our type theory is an entirely “first-order” theory:
there are no quantifiers over predicates in its language. As a result, it may 
have interesting “first-order” models in which not all restrictions of predicates 
to the types define sets at higher types, and we will see much later that this 
is the case. The idea is that the comprehension axiom asserts that all sets 
of type i objects defined by statements in the language of type theory exist; 
this is not the same as saying (as we do in the framework presented here) 
that in some sense all sets of type i objects are implemented at type i + 1. 
On a very technical level, it should be noted that there is no way whatsoever
to define a full infinite sequence of types using the framework we have
given here: this does nonetheless support the validity of all reasoning in type 
theory, because any particular argument in type theory mentions only finitely 
many types. 

Finally, one should notice that an analysis of Russell’s paradox has al- 
ready been given in the first little section on second-order logic. 
3.9 Defining Functions by Recursion; First-Order Peano
Arithmetic

Recursion is a special technique for defining functions with domain N. 

Informally, a recursive definition might look like this (this is not a completely
general example): $f(0) = 0$; for each natural number $n$, $f(n + 1) = (f(n) + 1) + 1$.
This seems somehow suspect because this definition of $f$
appears to mention $f$ itself in an essential way.

We show that this kind of definition is legitimate. We begin by exhibiting 
the technique of iterative definition of which the example just given is a 
special case. 

Iteration Theorem: For any function $f : D \to D$ and $a \in D$ (of appropriate
types) there is a unique function $g : \mathbb{N} \to D$ such that $g(0) = a$ and
$g(n + 1) = f(g(n))$ for each $n \in \mathbb{N}$.

Definition: Where $a$, $f$, $g$ are as in the statement of the Theorem, we define
$f^n(a)$ as $g(n)$.

Proof of Iteration Theorem: We begin with a nonce 

Definition: A set $I$ is said to be $(f, a)$-inductive iff $(0, a) \in I$ and
$(\forall nx.\, (n, x) \in I \to (n + 1, f(x)) \in I)$.

Let $g$ be the intersection of all $(f, a)$-inductive sets. We claim that $g$
is the desired function. Note that we do not even know that $g$ is a
function at this point!

We claim that $g$ is a subset of $\mathbb{N} \times D$. Note that $(0, a) \in \mathbb{N} \times D$ and
for any $(n, x) \in \mathbb{N} \times D$ we also have $(n + 1, f(x)) \in \mathbb{N} \times D$, so $\mathbb{N} \times D$
is $(f, a)$-inductive, whence $g \subseteq \mathbb{N} \times D$.

So we now know that every element of g is an ordered pair whose first 
component is a natural number and whose second component is in D, 
which is necessary but not sufficient for g to be a function with domain 
the set of natural numbers and range included in D. 

We claim that for each natural number n there is exactly one object x 
such that (n, x) is an element of g. Define A as the set of all natural 
numbers n such that there is exactly one object x such that (n, x ) is 
an element of g: we prove our claim by showing that A is inductive. 
We first need to show that $0 \in A$. We know that $(0, a) \in g$, so there
is at least one $x$ such that $(0, x) \in g$. Now consider $g' = g - \{(0, x) \mid x \neq a\}$.
We claim that $g'$ is $(f, a)$-inductive. $(0, a) \in g'$ is obvious.
Suppose $(n, x) \in g'$. It follows that $(n + 1, f(x)) \in g$, and in fact that
$(n + 1, f(x)) \in g'$, because $(n + 1, f(x)) \notin \{(0, x) \mid x \neq a\}$. Since $g'$ is
$(f, a)$-inductive, $g \subseteq g'$. But $g' \subseteq g$ as well, so $g = g'$, and $a$ is the only
object such that $(0, a) \in g' = g$, which is what we needed to show.

Now we need to show that for any $k \in A$ we also have $k + 1 \in A$.
Assume $k \in A$, whence there is exactly one $u$ such that $(k, u) \in g$.
We need to show that there is exactly one $v$ such that $(k + 1, v) \in g$.
Since $(k, u) \in g$, it follows that $(k + 1, f(u)) \in g$, so there is at least
one such $v$. Now define $g'$ as $g - \{(k + 1, w) \mid w \neq f(u)\}$. We claim
that $g'$ is $(f, a)$-inductive. Clearly $(0, a) \in g'$. Suppose $(n, x) \in g'$: our
aim is to show $(n + 1, f(x)) \in g'$. Suppose otherwise for the sake of
a contradiction. Clearly $(n + 1, f(x)) \in g$: it is thus necessary that
$(n + 1, f(x)) \in \{(k + 1, w) \mid w \neq f(u)\}$, which implies $f(x) \neq f(u)$
and also that $n + 1 = k + 1$. From this it follows that $n = k$, and thus,
since $(n, x) = (k, x) \in g$, that $x = u$, whence $f(x) \neq f(u)$ is impossible,
which is the desired contradiction. We then have $g = g'$, whence $f(u)$
is the only object $x$ such that $(k + 1, x) \in g' = g$, whence $k + 1 \in A$.

This completes the proof that $g$ is a function from $\mathbb{N}$ to $D$. Since $(0, a) \in g$,
we have $g(0) = a$. Since $(n, g(n)) \in g$, we have $(n + 1, f(g(n))) \in g$,
whence $g(n + 1) = f(g(n))$.

Now we need to show that $g$ is the unique function with these properties.
Suppose $g' : \mathbb{N} \to V$, $g'(0) = a$ and $g'(n + 1) = f(g'(n))$. $(0, a) \in g'$
is immediate. If $(n, x) \in g'$, then $x = g'(n)$, and $(n + 1, g'(n + 1)) =
(n + 1, f(g'(n))) = (n + 1, f(x)) \in g'$, so $g'$ is $(f, a)$-inductive, whence
$g \subseteq g'$. $g'$ contains exactly one element with first projection $n$ for each
natural number $n$, which must be the one element with first projection
$n$ belonging to $g$, so $g$ and $g'$ are the same set.

This completes the proof of the Iteration Theorem. 

Observation: This is more than a technical theorem: it has some philo- 
sophically interesting content. Our definition of the natural numbers 
is based intellectually on the use of natural numbers to count the ele- 
ments of sets. Here we are showing that our logical machinery allows 
us to implement the arguably quite different basic idea of applying an
operation n times to an object. 

Recursion Theorem: For any set $a$ and function $g : (\mathbb{N} \times V) \to V$, there
is a function $h : \mathbb{N} \to V$ such that $h(0) = a$ and $h(n + 1) = g(n, h(n))$
for each $n \in \mathbb{N}$.

Proof of Recursion Theorem: Let $G((n, x))$ be defined as $(n + 1, g(n, x))$.
Then $h(n) = \pi_2(G^n((0, a)))$.

There is an alternative way to define $f^n(a)$.

Definition: A set $S$ of natural numbers is an initial segment of the natural
numbers iff for all $n \in \mathbb{N}$, $n + 1 \in S \to n \in S$.

Theorem: Any nonempty initial segment of the natural numbers contains 
0. 

Theorem: $y = f^n(a)$ iff there is a function $g$ such that the domain of $g$ is
an initial segment $S$ of the natural numbers including $n$ as an element,
$g(0) = a$, for all $m$ such that $m + 1 \in S$ we have $g(m + 1) = f(g(m))$,
and $y = g(n)$. This formulation is advantageous because it only appeals
to the existence of finite sets.

As examples we can present definitions of addition and multiplication. 

Give the nonce name $\sigma$ to the successor function. We can define $m + n$
(for any natural numbers $m$, $n$) as $\sigma^n(m)$ (adding $n$ is iterating successor $n$
times). We can define $m \cdot n$ for any natural numbers $m$ and $n$ as $(\sigma^m)^n(0)$:
to add $m \cdot n$ is to add $m$ $n$ times.

The recursive (really as we see above “iterative”) definitions of addition 
and multiplication are incorporated into modern formulations of “Peano’s 
axioms”, which make no essential reference to sets. The theory with these 
axioms is formally called first-order Peano arithmetic. 

When we reason in first-order Peano arithmetic, we are not reasoning in 
our type theory. But, since we have shown that there is an interpretation of
the axioms of first-order Peano arithmetic in our type theory, any theorems 
we prove in first-order Peano arithmetic will be true in that interpretation. 
We will see below that there is a different interpretation of Peano arithmetic 
commonly used in untyped set theory (the von Neumann definition of the 
natural numbers, already mentioned above), and anything we prove in arithmetic
will also be true in that interpretation (and in any other we come up
with). 

The convention when reasoning in first-order Peano arithmetic is to as- 
sume that all quantifiers are restricted to the natural numbers (we are not 
talking about anything else, and notably we are not talking about sets of nat- 
ural numbers as we do in the original (second-order) version of the theory). 
Note this particularly in axiom 9. 

1. 0 is a natural number.

2. For each natural number $n$, $\sigma(n)$ is a natural number. For all natural
numbers $m$, $n$, $m + n$ and $m \cdot n$ are natural numbers.

3. For all natural numbers $n$, $\sigma(n) \neq 0$.

4. For all natural numbers $m$, $n$, $\sigma(m) = \sigma(n) \to m = n$.

5. For all natural numbers $m$, $n$, $m + 0 = m$.

6. For all natural numbers $m$, $n$, $m + \sigma(n) = \sigma(m + n)$.

7. For all natural numbers $m$, $n$, $m \cdot 0 = 0$.

8. For all natural numbers $m$, $n$, $m \cdot \sigma(n) = m \cdot n + m$.

9. For each formula $\phi[n]$, we adopt as an axiom
$\phi[0] \wedge (\forall k.\, \phi[k] \to \phi[\sigma(k)]) \to (\forall n.\, \phi[n])$.
This is the principle of mathematical induction. Note that
this is not really a single axiom 9, but a suite of axioms $9_\phi$. Such a
suite is called an axiom scheme. A scheme is needed because we do not
refer to sets here.

Since addition is also a primitive operation here, we use a primitive nota- 
tion for successor at first rather than the more natural addition of 1. Notice 
the reformulation of mathematical induction in terms of formulas rather than 
sets. This formulation of mathematical induction is not a statement with a 
quantifier over formulas (we cannot really do that for reasons which we may 
discuss much later on) but an infinite collection of different axioms, one for 
each formula $\phi$. You should notice that the axioms for addition and multiplication
capture the iterative definitions of addition and multiplication given
above. 

We give some sample proofs in Peano arithmetic. 
Definition: $1 = \sigma(0)$. Note that it is immediate from the axioms for addition
that $n + 1 = n + \sigma(0) = \sigma(n + 0) = \sigma(n)$. We feel free to use these
notations interchangeably.

Proof Strategy: We give the first order version of mathematical induction 
as a proof strategy. 

To deduce a goal $(\forall n.\, \phi[n])$, deduce the following two goals:

Basis step: Deduce $\phi[0]$.

Induction step: Deduce $(\forall k.\, \phi[k] \to \phi[k + 1])$. Application of prior
proof strategy expands this: let $k$ be an arbitrarily chosen natural
number (which might be 0!): assume $\phi[k]$ (this is called the
inductive hypothesis, and it is useful to emphasize where in an
induction proof the inductive hypothesis is used), and deduce the
new goal $\phi[k + 1]$.

Theorem: For each natural number $n \neq 0$, there is a unique natural number
$m$ such that $m + 1 = n$.

Proof: We prove by mathematical induction the assertion “For each natural
number $n$, if $n \neq 0$, then there is a natural number $m$ such that $m + 1 = n$”.

For $n = 0$ this is trivially true (basis step).

Suppose it is true for $n = k$; then our goal is to prove that it is true for
$n = k + 1$ (induction step).

Either $k = 0$ or there is an $m$ such that $m + 1 = k$, by inductive
hypothesis. In either case, there is an $m'$ such that $m' + 1 = k + 1$,
namely $k$ itself.

So the assertion is true for all n by mathematical induction. What is 
strange here is that the inductive hypothesis is not used in this proof! 

The observant reader will notice that we have not yet proved the theorem.
We have shown that for each nonzero natural number $n$ there
is an $m$ such that $m + 1 = n$, but we have not shown that this $m$ is
unique yet. Suppose that $m + 1 = n$ and also $m' + 1 = n$: it follows
directly from an axiom that $m = m'$. So we have shown that there can
only be one such $m$ for each $n$ and the proof is complete.
Theorem: For each natural number $n$, $0 + n = n + 0$.

Proof: We prove this by mathematical induction. 

0 + 0 = 0 + 0 completes the proof of the basis step. 

Now for the induction step. We assume that $0 + k = k + 0$ and our goal
is to show that $0 + \sigma(k) = \sigma(k) + 0$. $0 + \sigma(k) = \sigma(0 + k)$ by axioms,
and $\sigma(0 + k) = \sigma(k + 0)$ (by inductive hypothesis) $= \sigma(k) = \sigma(k) + 0$.
This completes the proof of the induction step and of the theorem.

Theorem: For any natural numbers $m$, $n$, $(m + 1) + n = (m + n) + 1$.

We fix $m$ and prove this by induction on $n$.

The basis step is established by $(m + 1) + 0 = m + 1 = (m + 0) + 1$.

The hypothesis of the induction step is $(m + 1) + k = (m + k) + 1$; the
goal is to show $(m + 1) + (k + 1) = (m + (k + 1)) + 1$. $(m + 1) + (k + 1) =
((m + 1) + k) + 1$ by axiom, which is equal to $((m + k) + 1) + 1$ by
inductive hypothesis, which is in turn equal to $(m + (k + 1)) + 1$ by
axiom, completing the proof.

Theorem: For any natural numbers $m$, $n$, $m + n = n + m$.

Proof: We prove this by (you guessed it!) mathematical induction. 

The statement we actually prove by mathematical induction is “for any
natural number $n$, for any natural number $m$, $m + n = n + m$.”

The basis step is “For any natural number $m$, $m + 0 = 0 + m$”. We
just proved that!

The induction hypothesis is “For any natural number $m$, $m + k = k + m$”
(for some fixed natural number $k$) and the induction goal is “For any
natural number $m$, $m + (k + 1) = (k + 1) + m$”. Now $m + (k + 1) =
(m + k) + 1$ by axiom, which is in turn equal to $(k + m) + 1$ by inductive
hypothesis, which is equal to $(k + 1) + m$ by the previous theorem,
proving the induction goal and completing the proof of the theorem.

Much more natural definitions of the arithmetic operations which use the 
intuitive idea that the numbers are sizes of sets are given below, and in terms 
of these definitions much more natural proofs of properties such as the ones 
just proved can be given. Proofs in Peano arithmetic are nonetheless a useful 
exercise: they apply to quite different implementations of the natural numbers
(another implementation will be given later): for any implementation,
if the Peano axioms hold, then all the theorems following from the Peano 
axioms also hold. 

Apparently stronger forms of both induction and recursion are available, 
but turn out to be equivalent to the basic forms already given. A presentation 
of these requires some prior discussion of the familiar order on the natural 
numbers. 

Definition: For natural numbers $m$, $n$, we say $m \le n$ ($m$ is less than or
equal to $n$) just in case $(\exists k.\, m + k = n)$. We define $m < n$ ($m$ is less
than $n$) as $m \le n \wedge m \neq n$. We define $m \ge n$ ($m$ is greater than or
equal to $n$) as $n \le m$, and similarly define $m > n$ ($m$ is greater than $n$)
as $n < m$.

Note that we assume here that such things as the associative and com- 
mutative laws of addition have already been proved. 

Theorem: For all natural numbers $m$, $n$, $k$, if $m + k = n + k$ then $m = n$.

Proof: Fix $m$ and $n$ and prove by induction on $k$. This is obvious for $k = 0$.
If it is true for $k$ and $m + (k + 1) = n + (k + 1)$, then $(m + k) + 1 = (n + k) + 1$
by addition axiom, $m + k = n + k$ by axiom 4, and $m = n$ by inductive
hypothesis.

Theorem: The relation $\le$ on natural numbers just defined is a linear order.

Proof: $n \le n = n + 0$ is immediate. If $m \le n$ and $n \le m$ then we have
$n = m + k$ and $m = n + l$ for some $k$ and $l$, whence $n = n + 0 = n + (k + l)$,
so $k + l = 0$, whence it is easy to show that $k = l = 0$, so $m = n$. If
$m \le n$ and $n \le p$, then for some $k$, $l$, $m + k = n$ and $n + l = p$, so
$(m + k) + l = m + (k + l) = p$.

Theorem: $m \le n \leftrightarrow m + k \le n + k$.

$m + p = n \leftrightarrow (m + k) + p = n + k$

Corollary: $m < n \leftrightarrow m + k < n + k$

Theorem: For all $n \in \mathbb{N}$, for all $k \in \mathbb{N}$, $k \le n \leftrightarrow k < n + 1$.
Proof: Prove this by induction on $n$. The basis step requires us to show
that $m \le 0 \leftrightarrow m < 1$ for all $m$. If $m \le 0$, then since $0 \le 1$ and $1 \neq 0$,
$m < 1$ is obvious. If $m \neq 0$ then $m = n + 1$ for some $n$, so $1 \le m$, thus
$m < 1 \to m = 0$ (by contrapositive). Now if $m \le k \leftrightarrow m < k + 1$, for
all $m$, we immediately have $(m + 1) \le (k + 1) \leftrightarrow (m + 1) < (k + 1) + 1$.
We certainly also have $0 \le k + 1 \leftrightarrow 0 < (k + 1) + 1$, and since every
number is either 0 or a successor we have shown for all $m$ that
$m \le k + 1 \leftrightarrow m < (k + 1) + 1$.

Theorem (Strong Induction, set form): For any set $A$ of natural numbers,
if $(\forall a \in \mathbb{N}.(\forall x < a.\, x \in A) \to a \in A)$, then $A = \mathbb{N}$.

Proof: Suppose that $A$ is a set of natural numbers and
$(\forall a \in \mathbb{N}.(\forall x < a.\, x \in A) \to a \in A)$. We define the set $B$ as
$\{b \in \mathbb{N} \mid (\forall x \le b.\, x \in A)\}$. We
show that $B$ is inductive. Since $B \subseteq A$ is obvious, $B = \mathbb{N} \to A = \mathbb{N}$.

Since $(\forall x < 0.\, x \in A)$ is vacuously true, $0 \in A$. For any $b \le 0$,
$b = 0 \in A$, so $0 \in B$.

Now suppose that $k \in B$. Our goal is to show that $k + 1 \in B$. Since
$k \in B$, we have $p \in A$ for all $p \le k$, and so for all $p < k + 1$. It then
follows that $k + 1 \in A$, and since we have $p \in A$ for all $p < k + 1$ as well,
we also have $k + 1 \in B$. This completes the proof that $B$ is inductive,
which we have already seen is sufficient for the proof of the theorem.

Theorem (Strong Induction, property form): For any formula $\phi$,
$(\forall a \in \mathbb{N}.(\forall x < a.\, \phi[x]) \to \phi[a]) \to (\forall n \in \mathbb{N}.\, \phi[n])$.

Proof: This is proved in the same way as the previous theorem. 

There is a form of recursion which is to standard recursion (or iteration) 
roughly as strong induction is to standard induction. 

Theorem (Course-of-Values Recursion): Let $A$ be a set. Let $\mathcal{F}$ be the
set of all functions with domain a proper initial segment

$\{m \in \mathbb{N} \mid m < n\}$

of the natural numbers and range a subset of $A$ (notice that the function
with domain $\emptyset$ is one of these: set $n = 0$). Let $G$ be any function from
$\mathcal{F}$ to $\iota``A$. Then there is a uniquely determined function $f : \mathbb{N} \to A$
such that $f(n) \in G(f \lceil \{m \in \mathbb{N} \mid m < n\})$ for each $n \in \mathbb{N}$.

Proof: We define a function $H$ from $\mathcal{F}$ to $\mathcal{F}$ as follows. If $g \in \mathcal{F}$ has domain
$\{m \in \mathbb{N} \mid m < n\}$, define $H(g)$ as $g \cup (\{n\} \times G(g))$ (recall that $G(n)$
is the singleton set containing the intended value at $n$ of the function
being constructed). Now apply the iteration theorem: define $f(n)$ as
$H^n(\emptyset)(n)$. It is straightforward to verify that this function has the
desired property.

Example: An example of a function defined in this way, in which the value
of $f$ at any natural number depends on its values at all smaller natural
numbers, would be $f(n) = 1 + \sum_{i<n} f(i)$.
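The constructions of this section, run as an added Python example (not code from the notes): iteration, addition and multiplication as iterated successor, the Recursion Theorem through the pair-valued function G of its proof, and course-of-values recursion through the extension function H, applied to the example function just given. The function names, and the use of Python dicts to stand in for finite functions, are assumptions of the example.

```python
def iterate(f, a, n):
    """Return f^n(a): the value g(n) of the unique g with g(0) = a and
    g(k + 1) = f(g(k)) that the Iteration Theorem provides."""
    x = a
    for _ in range(n):
        x = f(x)
    return x


def sigma(n):
    """Successor, the only arithmetic primitive used by add and mul."""
    return n + 1


def add(m, n):
    """m + n as sigma^n(m): adding n is iterating successor n times."""
    return iterate(sigma, m, n)


def mul(m, n):
    """m * n as (sigma^m)^n(0): add m, n times, starting from 0."""
    return iterate(lambda x: iterate(sigma, x, m), 0, n)


def by_recursion(g, a):
    """Recursion Theorem: the h with h(0) = a and h(n + 1) = g(n, h(n)).

    Built as in the proof: iterate G((n, x)) = (n + 1, g(n, x)) starting
    from (0, a), then take the second projection."""
    def G(pair):
        n, x = pair
        return (n + 1, g(n, x))
    return lambda n: iterate(G, (0, a), n)[1]


def by_course_of_values(G):
    """Course-of-values recursion: f(n) is the single element of
    G(f restricted to {m | m < n}).

    H extends a finite function g with domain {m | m < n} by the pair
    (n, v), where G(g) = {v}.  A dict plays the role of g (assumption)."""
    def H(g):
        n = len(g)            # domain of g is {0, ..., n - 1}
        (v,) = G(g)           # G must return a singleton set
        return {**g, n: v}
    # Read f(n) off the first iterate of H, starting from the empty
    # function, whose domain contains n.
    return lambda n: iterate(H, {}, n + 1)[n]


# Ordinary recursion: h(0) = 1, h(n + 1) = (n + 1) * h(n).
factorial = by_recursion(lambda n, x: (n + 1) * x, 1)

# The example from the text: f(n) = 1 + (sum of f(i) for i < n).
f_example = by_course_of_values(lambda g: {1 + sum(g.values())})
```

Evaluating `f_example` at 0 through 5 gives the powers of two, which is the closed form of the example function.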

It is a usual exercise in a book of this kind to prove theorems of Peano 
arithmetic up to the point where it is obvious that the basic computational 
axioms of arithmetic and algebra can be founded on this basis (and we may 
do all of this in these notes or in exercises). It is less obvious that all usual 
notions of arithmetic and algebra can actually be defined in terms of the 
quite restricted vocabulary of Peano arithmetic and logic: this is very often 
asserted but seldom actually demonstrated. We supply an outline of how 
this can be established. 

We give basic definitions without (or with only an indication of) support- 
ing proofs to indicate that the expressive power of Peano arithmetic without 
set language is enough to talk about finite sets of natural numbers and to 
define recursive functions. This is a serious question because the definition 
of recursive functions above relies strongly on the use of sets. Notice that we 
use the alternative formulation of the definition of $f^n(a)$ in this development,
because we only code finite sets of natural numbers as natural numbers here, 
and the alternative formulation has the advantage that it only talks about 
finite sets. 

Definition: For natural numbers $m$, $n$ we say $m \mid n$ ($n$ is divisible by $m$ or $m$
is a factor of $n$) iff there is a natural number $x$ such that $m \cdot x = n$.

Definition: A natural number $p$ is a prime iff it has exactly two factors.
(One of these factors must be 1 and the other $p \neq 1$ itself).

Definition: Let p be a prime. A natural number q is a power of p iff p is a 
factor of every factor of q except 1. 

Definition: Let $p$ be a prime and $n$ a natural number. A nonzero natural
number $m$ occurs in the base $p$ expansion of $n$ just in case $n$ can be
expressed in the form $a \cdot q + m \cdot r + s$, where $q > r > s$ and $q$, $r$ are
powers of $p$.

The underlying idea is that we now have the ability to code finite sets of
natural numbers as natural numbers (and so in fact sets of sets, sets of sets
of sets, and so forth).

Definition: Define $x \in_p y$ as “$x + 1$ occurs in the base $p$ expansion of
$y$”. For any prime $p$ and naturals $x_1, \ldots, x_n$ all less than $p - 1$ define
$\{x_1, \ldots, x_n\}_p$ as the smallest natural number $y$ such that
$(\forall z.\, z \in_p y \leftrightarrow z = x_1 \vee \ldots \vee z = x_n)$. [There is something to prove here, namely that
there is such a $y$.]

Definition: Define $(x, y)_{p,q}$ as $\{\{x\}_p, \{x, y\}_p\}_q$.

Definition: For any function $f$, we say that $f$ is definable in Peano arithmetic
iff there is a formula $\phi[x, y]$ in the language of arithmetic such
that $\phi[x, y] \leftrightarrow y = f(x)$.

Theorem: For any function $f$ definable in Peano arithmetic, $y = f^n(x)$
iff there are primes $p < q < r$ such that there is a natural number
$g$ such that $(\forall m < n.(\exists! y.\, (m, y) \in_r g))$ and $(0, x) \in_r g$ and
$(\forall m < n.(\forall y.\, (m, y)_{p,q} \in_r g \to (m + 1, f(y))_{p,q} \in_r g))$. Note that this
is expressible in the language of Peano arithmetic, so all functions
definable by iteration of definable functions are definable (and functions
definable by recursion from definable functions are also definable since
we can represent pairs of natural numbers as natural numbers and define
the projection functions of these pairs).

Definition: Define $d(x)$ as $2 \cdot x$. Define $2^n$ as $d^n(1)$. Define $x \in_{\mathbb{N}} a$ as

$(\exists y > x.(\exists z < 2^x.(\exists u.\, a = u \cdot 2^y + 2^x + z)))$.

This expresses that the nth digit in the binary expansion of $a$ is 1, and
this supports a nice coding of finite sets of natural numbers as natural
numbers, which we will have occasion to use later.
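The binary coding just defined, as an added Python example (not part of the notes): `member` searches for the three witnesses that the definition of membership asks for, and the set and family coders turn finite sets of naturals, and finite sets of such sets, into single natural numbers. The function names and the bound that makes the witness search finite are assumptions of the example; it covers only the binary coding, not the base p coding.

```python
def pow2(n):
    """2^n as d^n(1), where d(x) = 2 * x, as in the definition above."""
    x = 1
    for _ in range(n):
        x = 2 * x
    return x


def member(x, a):
    """Decide membership of x in the set coded by a: look for y > x,
    z < 2^x and u with a = u * 2^y + 2^x + z.

    The search is finite: 2^x + z cannot exceed a, and if u is nonzero
    then 2^y cannot exceed a either (u = 0 works for every y)."""
    rest = a - pow2(x)                    # must equal u * 2^y + z
    if rest < 0:
        return False
    for y in range(x + 1, a.bit_length() + 2):
        step = pow2(y)
        for z in range(min(pow2(x), rest + 1)):
            if (rest - z) % step == 0:    # u = (rest - z) // step exists
                return True
    return False


def encode_set(xs):
    """Code a finite set of naturals as the sum of 2^x over its elements."""
    return sum(pow2(x) for x in set(xs))


def decode_set(a):
    """Recover the coded set using only the membership test."""
    return {x for x in range(a.bit_length()) if member(x, a)}


def encode_family(sets):
    """Code a finite set of finite sets: code each member, then code the
    resulting set of codes."""
    return encode_set(encode_set(s) for s in sets)


def decode_family(a):
    """Inverse of encode_family."""
    return {frozenset(decode_set(code)) for code in decode_set(a)}
```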
3.9.1 Exercises


1. If I define a function $I_n$ such that $I_n(f) = f^n$ (so for example $I_3(f)(x) =
f^3(x) = f(f(f(x)))$), I invite you to consider the functions $(I_n)^m$. For
example, compute $(I_2)^3(f)(x)$. Compute $(I_3)^2(f)(x)$. There is an
equation $(I_m)^n = I_{F(m,n)}$, where $F$ is a quite familiar operation on natural
numbers, which you can write and might derive if you do enough experiments.
There is a serious formal problem with this equation, though,
in our type theory. What is the function $F(m, n)$? What is the formal
problem?

2. Prove the theorem

$(\forall mn.\, (m + 1) + n = (m + n) + 1)$
of Peano arithmetic.

Indicate each application of an axiom and of an inductive hypothesis.
Do not apply theorems you have not proved yourself on your paper.
You may identify $\sigma(x)$ and $x + 1$ without comment for any natural
number $x$.

3. Prove as many of the following as you can in first-order Peano arith- 
metic, not necessarily in the given order. Your proofs should not men- 
tion sets or the type theory definitions of the natural numbers (this is 
all just arithmetic from the Peano axioms). 

Use proof strategy. You can be a little more freeform than heretofore, 
but take pains to make it clear what you are doing. You may use 
theorems already proved in the notes or already proved by you. You 
may not use anything else you think you know about arithmetic. 

Do prove at least two of them. 

The associative law of addition. 

The commutative law of multiplication. 

The associative law of multiplication. 

The distributive law of multiplication over addition. 



3.10 Equivalence Relations, Partitions, and Represen- 
tatives: the Axiom of Choice 

Definition: Sets $A$ and $B$ are said to be disjoint just in case $A \cap B = \emptyset$.

Definition: A collection $P$ of sets is said to be pairwise disjoint just in case

$(\forall A \in P.(\forall B \in P.\, A = B \vee A \cap B = \emptyset))$.

Definition: A collection $P$ of sets is a partition of $A$ iff $\emptyset \notin P$, $\bigcup P = A$,
and $P$ is pairwise disjoint. A partition of $A$ is a collection of nonempty
sets which do not overlap and which cover all of $A$. We say that a
collection $P$ is a partition iff it is a partition of $\bigcup P$.

Definition: If $R$ is an equivalence relation and $x \in \mathrm{fld}(R)$ we define $[x]_R$,
the equivalence class of $x$ under $R$, as $R``(\{x\}) = \{y \mid x \mathrel{R} y\}$.

Theorem: If $R$ is an equivalence relation, $P_R = \{[x]_R \mid x \in \mathrm{fld}(R)\}$ is a
partition of $\mathrm{fld}(R)$.

Proof: Let $R$ be an arbitrarily chosen equivalence relation. Define
$P_R = \{[x]_R \mid x \in \mathrm{fld}(R)\}$.

Our goal is to prove that $P_R$ is a partition of $\mathrm{fld}(R)$. Using the definition
of partition, this reduces to three subgoals.

Goal 1: $\emptyset \notin P_R$. Suppose for the sake of a contradiction that $\emptyset \in P_R$.
By the definition of $P_R$ as a complex set abstract, this is equivalent
to the assertion that $\emptyset = [x]_R$ for some $x \in \mathrm{fld}(R)$. Choose such
an $x$. $x \mathrel{R} x$ holds because $R$ is reflexive, whence $x \in [x]_R$ by the
definition of equivalence class, whence $x \in \emptyset$, which yields the
desired contradiction. This completes the proof of Goal 1.

Goal 2: $\bigcup P_R = \mathrm{fld}(R)$. Use the proof strategy for showing the equality
of two sets.

2a: Let $x$ be an arbitrarily chosen element of $\bigcup P_R$: our new goal
is to show $x \in \mathrm{fld}(R)$. Since $x \in \bigcup P_R$, we can choose a set
$A$ such that $x \in A$ and $A \in P_R$. Since $A \in P_R$, we can choose
$y$ such that $A = [y]_R$. $x \in A = [y]_R$ implies immediately that
$y \mathrel{R} x$, whence $x \in \mathrm{fld}(R)$, which completes the proof of goal
2a.

2b: Let $x$ be an arbitrarily chosen element of $\mathrm{fld}(R)$: our new
goal is to show that $x \in \bigcup P_R$. Since $x \in \mathrm{fld}(R)$, we may
choose a $y$ such that one of $x \mathrel{R} y$ or $y \mathrel{R} x$ is true. But then
both are true because $R$ is symmetric, and we have $x \in [y]_R$.
From $x \in [y]_R$ and $[y]_R \in P_R$, we deduce $x \in \bigcup P_R$, completing
the proof of goal 2b.

Since any element of either set has been shown to belong to the 
other, the two sets are equal, completing the proof of Goal 2. 

Goal 3: $P_R$ is pairwise disjoint. Our goal is to show that for any
elements $A$, $B$ of $P_R$ we have $A = B \vee A \cap B = \emptyset$. To prove this,
we assume that $A$ and $B$ are distinct and take $A \cap B = \emptyset$ as our
new goal. We prove this by contradiction: assume $A \cap B \neq \emptyset$ and
our new goal is a contradiction. Since $A \cap B \neq \emptyset$, we may choose
an $x \in A \cap B$. Since $A, B \in P_R$ we may choose $y$ and $z$ such that
$A = [y]_R$ and $B = [z]_R$. If we had $y = z$ we would have $A = B$ and
a contradiction, so we must have $y \neq z$. $x \in A \cap B = [y]_R \cap [z]_R$
implies $x \in [y]_R$ and $x \in [z]_R$, whence we have $x \mathrel{R} y$ and $x \mathrel{R} z$,
whence by symmetry and transitivity of $R$ we have $y \mathrel{R} z$. We
now prove $A = [y]_R = [z]_R = B$, which will give the desired
contradiction since $A$ and $B$ were initially supposed distinct.

3a: Let $u$ be an arbitrarily chosen element of $[y]_R$. Our new goal
is $u \in [z]_R$. $u \in [y]_R$ implies $y \mathrel{R} u$, and $y \mathrel{R} z$ and symmetry
imply $z \mathrel{R} y$. Thus by transitivity of $R$ we have $z \mathrel{R} u$ and so
$u \in [z]_R$. This completes the proof of goal 3a.

3b: Let $u$ be an arbitrarily chosen element of $[z]_R$. Our new goal
is $u \in [y]_R$. $u \in [z]_R$ implies $z \mathrel{R} u$, which in combination
with $y \mathrel{R} z$ and transitivity of $R$ implies $y \mathrel{R} u$, which implies
$u \in [y]_R$, which completes the proof of goal 3b.

Since the sets $[y]_R = A$ and $[z]_R = B$ have the same elements,
it follows that they are equal, which completes the proof of a
contradiction, from which Goal 3 and the Theorem follow.

Theorem: If $V$ is a partition of $A$, the relation

$\equiv_V = \{(x, y) \mid (\exists B \in V.\, x \in B \wedge y \in B)\}$
is an equivalence relation with field $A$.

Proof: This is left as an exercise.

Observation: Further, $\equiv_{P_R} = R$ and $P_{\equiv_V} = V$ for any $R$ and $V$: there is a
precise correspondence between equivalence relations and partitions.

An equivalence relation $R$ represents a way in which elements of its field
are similar: in some mathematical constructions we wish to identify objects
which are similar in the way indicated by $R$. One way to do this is to replace
references to an $x \in \mathrm{fld}(R)$ with references to its equivalence class $[x]_R$.
Note that for all $x$, $y$ in $\mathrm{fld}(R)$ we have $x \mathrel{R} y$ iff $[x]_R = [y]_R$.

It might be found inconvenient that $[x]$ is one type higher than $x$. In such
a situation, we would like to work with a representative of each equivalence 
class. 

Definition: Let $P$ be a partition. A choice set for $P$ is a set $C$ with the
property that $B \cap C$ has exactly one element for each $B \in P$.

A choice set for the partition $P_R$ will give us exactly one element of each
equivalence class under $R$, which we can then use to represent all elements
of the equivalence class in a context in which $R$-equivalent objects are to be
identified.

In some situations, there is a natural way to choose an element of each 
equivalence class (a canonical representative of the class). We will see exam- 
ples of this situation. In the general situation, we can invoke the last axiom 
of our typed theory of sets. 

Axiom of Choice: If P is a partition (a pairwise disjoint set of nonempty 
sets) then there is a choice set C for P. 

The Axiom of Choice is a somewhat controversial assertion with profound 
consequences in set theory: this seemed like a good place to slip it in quietly 
without attracting too much attention. 
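The correspondence between equivalence relations and partitions, and a choice set obtained from canonical representatives, as an added Python example (not part of the notes). Relations are finite sets of pairs, both sample relations are constructed, and the least element of each class serves as its representative, which relies on the ordering these integer samples happen to have; all names are assumptions of the example.

```python
def field(R):
    """fld(R): everything occurring in some pair of R."""
    return {x for pair in R for x in pair}


def eq_class(R, x):
    """[x]_R = {y | x R y}."""
    return frozenset(y for (u, y) in R if u == x)


def partition_of(R):
    """P_R: the collection of classes [x]_R for x in fld(R)."""
    return {eq_class(R, x) for x in field(R)}


def relation_of(P):
    """The relation holding between x and y iff some B in P contains both."""
    return {(x, y) for B in P for x in B for y in B}


def is_equivalence(R):
    """Reflexive on its field, symmetric and transitive."""
    reflexive = all((x, x) in R for x in field(R))
    symmetric = all((y, x) in R for (x, y) in R)
    transitive = all((x, w) in R
                     for (x, y) in R for (z, w) in R if y == z)
    return reflexive and symmetric and transitive


def is_partition(P, A):
    """No empty block, union equal to A, blocks pairwise disjoint."""
    nonempty = all(len(B) > 0 for B in P)
    covers = set().union(*P) == set(A)
    disjoint = all(B == C or not (B & C) for B in P for C in P)
    return nonempty and covers and disjoint


def canonical_choice_set(P):
    """Pick the least element of each block (needs ordered elements)."""
    return {min(B) for B in P}


def is_choice_set(C, P):
    """C meets every block of P in exactly one element."""
    return all(len(B & C) == 1 for B in P)


# Constructed sample: congruence modulo 3 on {0, ..., 8}.
R_MOD3 = {(x, y) for x in range(9) for y in range(9) if (x - y) % 3 == 0}

# Constructed sample: reflexive and symmetric but not transitive
# (0 R 1 and 1 R 2 without 0 R 2), so its "classes" overlap.
R_BAD = {(0, 0), (1, 1), (2, 2), (0, 1), (1, 0), (1, 2), (2, 1)}
```

With `R_BAD` the classes of 0, 1 and 2 overlap, so `partition_of` does not return a partition: transitivity is the hypothesis Goal 3 of the proof depends on.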

Here we also add some terminology about partial orders. 

It is conventional when working with a particular partial order $\le$ to use
$<$ to denote $[\le] - [=]$ (the corresponding strict partial order), $\ge$ to denote
$[\le]^{-1}$ (which is also a partial order) and $>$ to denote the strict partial order
$[\ge] - [=]$.

A minimum of $\le$ is an element $m$ of $\mathrm{fld}(\le)$ such that $m \le x$ for all
$x \in \mathrm{fld}(\le)$. A maximum of $\le$ is a minimum of $\ge$. A minimal element
with respect to $\le$ is an element $m$ such that for no $x$ is $x < m$. A maximal
element with respect to $\le$ is a minimal element with respect to $\ge$. Notice
that a maximum or minimum is always unique if it exists. A minimum is
always a minimal element. The converse is true for linear orders but not for
partial orders in general.

For any partial order $\le$ and $x \in \mathrm{fld}(\le)$, we define $\mathrm{seg}_\le(x)$ as $\{y \mid y < x\}$
(notice the use of the strict partial order) and $(\le)_x$ as $[\le] \cap (\mathrm{seg}_\le(x))^2$. The
first set is called the segment in $\le$ determined by $x$ and the second is called
the segment restriction determined by $x$.

For any subset $A$ of $\mathrm{fld}(\le)$, we say that an element $x$ of $\mathrm{fld}(\le)$ is a
lower bound for $A$ in $\le$ iff $x \le a$ for all $a \in A$, and an upper bound for $A$
in $\le$ iff $a \le x$ for all $a \in A$. If there is a lower bound $x$ of $A$ such that for
every lower bound $y$ of $A$, $y \le x$, we call this the greatest lower bound of
$A$, written $\inf_\le(A)$, and if there is an upper bound $x$ of $A$ such that for all
upper bounds $y$ of $A$, we have $x \le y$, we call this the least upper bound of
$A$, written $\sup_\le(A)$.

A special kind of partial order is a tree: a partial order $\le_T$ with field $T$ is a
tree iff for each $x \in T$ the restriction of $\le_T$ to $\mathrm{seg}_{\le_T}(x)$ is a well-ordering. A
subset of $T$ which is maximal in the inclusion order among those well-ordered
by $\le_T$ is called a branch.
3.10.1 Exercises

1. Suppose that P is a partition. 

Prove that the relation $\sim_P$ defined by
$x \sim_P y$ iff $(\exists A \in P.\, x \in A \wedge y \in A)$

is an equivalence relation. What is the field of this equivalence relation? 
Describe its equivalence classes. 

This is an exercise in carefully writing everything down, so show all 
details of definitions and proof strategy, as far as you can. 

2. This question relies on ordinary knowledge about the reals and the 
rationals, and also knowledge of Lebesgue measure if you have studied 
this (if you haven’t, don’t worry about that part of the question). 

Verify that the relation on real numbers defined by “$x \mathrel{R} y$ iff $x - y$ is
rational” is an equivalence relation.

Describe the equivalence classes under this relation in general. Describe 
two or three specific ones. Note that each of the equivalence classes is 
countably infinite (why?), distinct equivalence classes are disjoint from 
each other, and so we “ought” to be able to choose a single element 
from each class. 

Can you think of a way to do this (you will not be able to find one, 
but thinking about why it is difficult is good for you)? 

Suppose we had a set $X$ containing exactly one element from each
equivalence class under $R$. For each rational number $q$, let $X_q$ be the
set $\{r + q \mid r \in X\}$. Note that $X_q$ is just a translation of $X$.

Prove that $\{X_q \mid q \in \mathbb{Q}\}$ is a partition of $\mathbb{R}$. (This will include a proof
that the union of the $X_q$'s is the entire real line).

If you know anything about Lebesgue measure, you might be able to
prove at this point that $X$ is not Lebesgue measurable (if you can, do
so). It is useful to note that the collection of $X_q$'s is countable.

3.11 Cardinal Number and Arithmetic

We say that two sets are the same size iff there is a one-to-one correspondence
(a bijection) between them.

Definition: We say that sets $A$ and $B$ are equinumerous and write $A \sim B$
just in case there is a bijection $f$ from $A$ onto $B$.

Theorem: Equinumerousness is an equivalence relation.

Indication of Proof: It is reflexive because the identity function on any
set is a bijection. It is symmetric because the inverse of a bijection is a
bijection. It is transitive because the composition of two bijections is
a bijection.

Definition: For any set $A$, we define $|A|$, the cardinality of $A$, as $[A]_{\sim} =
\{B \mid B \sim A\}$. Notice that $|A|$ is one type higher than $A$. We define
Card, the set of all cardinal numbers, as $\{|A| \mid A \in V\}$.

The same definitions would work if we were using the Kuratowski pair,
and in fact the cardinals would be precisely the same sets.

We have already encountered some cardinal numbers. 

Theorem: Each natural number is a cardinal number. 

Proof: $|\emptyset| = \{\emptyset\} = 0$ is obvious: there is a bijection from $\emptyset$ to $A$ iff $A = \emptyset$.

Suppose that $n \in \mathbb{N}$ is a cardinal number: show that $n + 1$ is a cardinal
number and we have completed the proof that all natural numbers are
cardinals by mathematical induction. Let $x$ be an element of $n$. There
is a $y \notin x$ because $x \neq V$ (by the Axiom of Infinity). It suffices to show
$n + 1 = |x \cup \{y\}|$. To show this, we need to show that for any set $z$,
$z \in n + 1$ iff $z \sim x \cup \{y\}$. If $z \in n + 1$ then $z = v \cup \{w\}$ for some $v \in n$
and some $w \notin v$. Because $n$ is a cardinal number there is a bijection $f$
from $x$ to $v$: $f \cup \{(y, w)\}$ is readily seen to still be a bijection. Now let $z$
be an arbitrarily chosen set such that $z \sim x \cup \{y\}$. This is witnessed by
a bijection $f$. Now $f^{-1}“x$ belongs to $n$ because $n$ is a cardinal number,
and thus we see that $v = f^{-1}“x \cup \{f^{-1}(y)\}$ belongs to $n + 1$ (certainly
$f^{-1}(y) \notin f^{-1}“x$), completing the proof.

There is at least one cardinal number which is not a natural number. 

Definition: We define $\aleph_0$ as $|\mathbb{N}|$. Sets of this cardinality are said to be
countable or countably infinite. Infinite sets not of this cardinality (if
there are any) are said to be uncountable or uncountably infinite.

We provide some lemmas for construction of bijections from other
bijections.

Lemma: The union of two relations is of course a relation. The union of
two functions is a function iff the functions agree on the intersection of
their domains: that is, if $f$ and $g$ are functions, $f \cup g$ is a function iff
for every $x \in \mathrm{dom}(f) \cap \mathrm{dom}(g)$ we have $f(x) = g(x)$, or, equivalently but
more succinctly, $f \lceil \mathrm{dom}(f) \cap \mathrm{dom}(g) = g \lceil \mathrm{dom}(f) \cap \mathrm{dom}(g)$. Note that it
is sufficient for the domains of $f$ and $g$ to be disjoint.

Definition: A function $f$ is said to cohere with a function $g$ iff
$f \lceil \mathrm{dom}(f) \cap \mathrm{dom}(g) = g \lceil \mathrm{dom}(f) \cap \mathrm{dom}(g)$.

Lemma: The union of two injective functions $f$ and $g$ is an injective function
iff $f$ coheres with $g$ and $f^{-1}$ coheres with $g^{-1}$. Note that it is sufficient
for the domain of $f$ to be disjoint from the domain of $g$ and the range
of $f$ disjoint from the range of $g$.

Lemma: For any x and y, {(x,y)} is an injection. 

Arithmetic operations have natural definitions. 

A cardinal $|A|$ is the collection of all sets of the same size as $A$. Thus,
if $\kappa$ is a cardinal, we mean by “set of size $\kappa$” simply an element of $\kappa$. This
is not true of all representations of cardinality: if we used a representative
set the same size as $A$ as $|A|$, for example, then a set of size $\kappa$ would be
a set equinumerous with $\kappa$ (the representation used in the usual set theory
introduced later is of this latter kind).

We define addition of cardinals. Informally, a set of size $\kappa + \lambda$ will be the
union of two disjoint sets, one of size $\kappa$ and one of size $\lambda$.

Definition (abstract definition of addition): If $\kappa$ and $\lambda$ are cardinals,
we define $\kappa + \lambda$ as

$\{A \cup B \mid A \in \kappa \wedge B \in \lambda \wedge A \cap B = \emptyset\}$.





There are some things to verify about this definition. One has to verify
that $\kappa + \lambda$ is nonempty. If $A \in \kappa$ and $B \in \lambda$ then $A \times \{0\} \in \kappa$, $B \times \{1\} \in \lambda$,
and these sets are obviously disjoint. The fact that cartesian product is a
type level operation is crucial here (so Infinity is required). One has to verify
that $\kappa + \lambda$ is a cardinal.

Observation: $|A| + |B| = |(A \times \{0\}) \cup (B \times \{1\})|$.

Proof: Suppose $A'$ and $B'$ are disjoint sets with bijections $f : A \to A'$ and
$g : B \to B'$. Then $(\pi_1|f) \cup (\pi_1|g)$ is a bijection from $(A \times \{0\}) \cup (B \times \{1\})$
to $A' \cup B'$. The union of these two injections is an injection because
they have disjoint domains and disjoint ranges, and the union has the
correct domain and range.

It is perhaps preferable to simply take the Observation as the

Definition (concrete definition of addition): $|A| + |B|$ is defined as

$|(A \times \{0\}) \cup (B \times \{1\})|$.

(It is straightforward to show that this does not depend on the choice 
of representatives A and B from the cardinals). 

The abstract definition of addition would work if we were using Kura- 
towski pairs but the proof that addition is total would be somewhat harder. 
The Observation would be incorrect and in fact would not make sense because 
it would not be well-typed. 

Notice that the definition of $\kappa + 1$ as an addition of cardinals agrees with
the definition of $\kappa + 1$ as a set already given in the development of finite
number.

Before discussing multiplication, we consider the notion of being the same 
size appropriate to sets at different types. 

Definition (alternative notation for singleton set): We define $\iota(x)$ as
$\{x\}$. The point of this notation is that it is iterable: we can use $\iota^{\mathbf{n}}(x)$
to denote the $n$-fold singleton of $x$. [But do notice that this is not an
example of iteration as $\iota$ is not a function (a function does not raise
type). The $\mathbf{n}$ in $\iota^{\mathbf{n}}(x)$ is a purely formal bit of notation (like a type
index) and not a reference to any natural number in our theory, and
this is why it is in boldface.]

Definition (singleton image operations): We define $\iota^n“x$, the $n$-fold
singleton image of $x$, as $\{\iota^n(y) \mid y \in x\}$. For any relation $R$, we define $R^{\iota^n}$
as $\{(\iota^n(x), \iota^n(y)) \mid x \mathrel{R} y\}$. We define $T^n(\kappa)$ for any cardinal $\kappa$ as $|\iota^n“A|$
for any $A \in \kappa$. Note that $A \sim B \leftrightarrow \iota“A \sim \iota“B$ is obvious: if $f$ is a
bijection from $A$ to $B$, then $f^{\iota}$ will be a bijection from $\iota“A$ to $\iota“B$.
We define $T^{-n}(\kappa)$ as the unique cardinal $\lambda$ (if there is one) such that
$T^n(\lambda) = \kappa$.

Definition (sole element): We define $\iota^{-1}(\{x\})$ as $x$. We define $\iota^{-1}(A)$ as
$\emptyset$ if $A$ is not a singleton. $\iota^{-n}(\iota^n(x))$ will be defined as $x$ as one might
expect, if this notation is ever needed.

The singleton map (or iterated singleton map) is in a suitable external
sense injective, so a set equinumerous with $\iota^n“A$, though it is $n$ types higher
than $A$, is in a recognizable sense the same size as $A$.

The definition of $T^{-n}$ depends on the observation that $T^n$ is an externally
injective map from cardinals in type $i$ to cardinals in type $i + n$, so if there
is a suitable $\lambda$ there is only one. We leave open the possibility that $T^{-n}(\kappa)$
is undefined for some cardinals $\kappa$ and indeed this turns out to be the case.

We discuss the application of the T operation to natural numbers. 

Theorem: $T(0) = 0$ and $T(n + 1) = T(n) + 1$.

Corollary: $T(1) = 1$; $T(2) = 2$; $T(3) = 3$ . . . But we cannot say

$(\forall n \in \mathbb{N}.\, T(n) = n)$,
because this is ungrammatical.

Theorem: For all natural numbers $n$, $T(n)$ is a natural number. For all
natural numbers $n$ [not of the lowest type] $T^{-1}(n)$ exists and is a natural
number.

Proof: We prove both parts by induction, of course. 

Our first goal is to prove that $T(n)$ is a natural number for every natural
number $n$. We observe first that $T(0) = 0$ is obvious, as $\iota“\emptyset = \emptyset$. Now
suppose that $k$ is a natural number and $T(k)$ is a natural number. Our
aim is to prove that $T(k + 1)$ is a natural number. Each element of $k + 1$
is of the form $A \cup \{x\}$ where $A \in k$ and $x \notin A$. $T(k + 1) = |\iota“(A \cup \{x\})|$.
But $\iota“(A \cup \{x\}) = \iota“A \cup \{\{x\}\}$. Obviously $\iota“A \in T(k)$ and $\{x\} \notin \iota“A$,
so $\iota“A \cup \{\{x\}\} \in T(k) + 1 \in \mathbb{N}$, so $T(k + 1) = T(k) + 1 \in \mathbb{N}$.

Our second goal is to prove that $T^{-1}(n)$ exists and is a natural number
for each natural number $n$ (not of the lowest possible type). Since
$T(0) = 0$, we also have $T^{-1}(0) = 0$, so $T^{-1}(0)$ exists and is a natural
number. Let $k$ be a natural number such that there is a natural number
$l$ such that $T(l) = k$ (which is equivalent to saying that $T^{-1}(k)$ exists
and is a natural number). Choose a set $A$ of cardinality $l$. Choose
$x \notin A$. $|A \cup \{x\}| = l + 1$ and $|\iota“(A \cup \{x\})| = |\iota“A \cup \{\{x\}\}| = k + 1$ is
obvious, so $T(l + 1) = k + 1$, whence $T^{-1}(k + 1)$ exists and is a natural
number as desired.

Reasonable Convention: It is reasonable to simply identify the natural 
numbers at different types and there is a way to make sense of this in 
our notation: allow a natural number variable n of type k to appear at 
other types with the understanding that where it appears in a position 
appropriate for a variable of type $k + i$ it is actually to be read as
$T^i(n)$. We will not do this, or at least we will explicitly note use of this
convention if we do use it, but it is useful to note that it is possible. 





Rosser’s Counting Theorem: $\{1, \ldots, n\} \in T^2(n)$, for each positive
natural number $n$.

Discussion and Proof: Of course $\{1, \ldots, n\} = \{m \in \mathbb{N} \mid 1 \leq m \leq n\}$ has
$n$ members, if $n$ is a concrete natural number. But the second $n$ we
mention is two types higher than the first one: we fix this by affixing
$T^2$ to the second one, so that both occurrences of $n$ have the same type.

What this actually says is that if we have a set $A$ belonging to a natural
number $n$, we can put $\iota^2“A$ (the set of double singletons of elements
of $A$) into one-to-one correspondence with the set of natural numbers
$\{1, \ldots, n\}$ of the type appropriate for $A \in n$ to make sense. This can
be proved by induction on the number of elements in $A$. If $A$ has
one element $a$, clearly there is a bijection between $\{\{\{a\}\}\}$ and $\{1\}$
(all that needs to be checked is that these objects are of the same
type: the number 1 being considered satisfies $A \in 1$). Suppose that
for all $A \in n$, $\iota^2“A \sim \{1, \ldots, n\}$. We want to show that for any
$B \in n + 1$, $\iota^2“B \sim \{1, \ldots, n + 1\}$. $B = A \cup \{x\}$ for some $A \in n$, $x \notin A$.
There is a bijection $f$ from $\iota^2“A$ to $\{1, \ldots, n\}$ by inductive hypothesis.
$f \cup \{(\{\{x\}\}, n + 1)\}$ is easily seen to witness the desired equivalence in
size.

Von Neumann’s Counting Theorem: For any natural number $n$,

$\{m \in \mathbb{N} \mid m < n\} \in T^2(n)$.

Discussion: This is true for the same reasons. It is not really a theorem
of von Neumann, but it relates to his representation of the natural
numbers.

Notice that these counting theorems could be written in entirely unexciting
forms if we adopted the Reasonable Convention above. It would then
be the responsibility of the reader to spot the type difference and insert the
appropriate $T$ operation. This would have to be done in order to prove either
of these statements.

A fully abstract definition of multiplication would say that $\kappa \cdot \lambda$ is the size
of the union of $\kappa$ disjoint sets each of size $\lambda$. To state this precisely requires
the $T$ operation just introduced.

*Definition (abstract definition of multiplication): $\kappa \cdot \lambda$ is the uniquely
determined cardinal of a set $\bigcup C$ where $C$ is pairwise disjoint, $C \in T(\kappa)$,
and $C \subseteq \lambda$.

The details of making this definition work are quite laborious. Infinity
is required to show that there are such sets for any $\kappa$ and $\lambda$, and Choice
is required to show that the cardinal is uniquely determined. We regretfully
eschew this definition and use a more concrete definition employing the
cartesian product:

Definition (concrete definition of multiplication): $|A| \cdot |B|$ is defined
as $|A \times B|$. It is straightforward to show that this does not depend on
the choice of representatives $A$, $B$ from the cardinals.

If we were using the Kuratowski pair we would define

$|A| \cdot |B| = T^{-2}(|A \times B|)$.

It would be harder to show that multiplication is total. We would also have

$|A| + |B| = T^{-2}(|(A \times \{0\}) \cup (B \times \{1\})|)$

if we were using the Kuratowski pair.

The $T$ operation commutes with arithmetic operations:

Theorem: For all cardinal numbers $\kappa$ and $\lambda$, $T(\kappa) + T(\lambda) = T(\kappa + \lambda)$ and
$T(\kappa \cdot \lambda) = T(\kappa) \cdot T(\lambda)$.

Theorems of cardinal arithmetic familiar from the theory of natural num-
bers (and from ordinary experience) have much more natural proofs in set 
theory than the inductive proofs given in Peano arithmetic. 

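Theorem: The following identities are true for all cardinal numbers $\kappa, \lambda, \mu$
(including natural numbers).

1. $\kappa + 0 = \kappa$; $\kappa \cdot 1 = \kappa$

2. $\kappa \cdot 0 = 0$

3. $\kappa + \lambda = \lambda + \kappa$; $\kappa \cdot \lambda = \lambda \cdot \kappa$

4. $(\kappa + \lambda) + \mu = \kappa + (\lambda + \mu)$; $(\kappa \cdot \lambda) \cdot \mu = \kappa \cdot (\lambda \cdot \mu)$

5. $\kappa \cdot (\lambda + \mu) = \kappa \cdot \lambda + \kappa \cdot \mu$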

All of these admit very natural proofs. 

Sample Proofs: 

commutativity of multiplication: Let $\kappa, \lambda$ be cardinal numbers. Choose
sets $A$ and $B$ such that $\kappa = |A|$ and $\lambda = |B|$. $\kappa \cdot \lambda = |A \times B|$ and
$\lambda \cdot \kappa = |B \times A|$; what remains is to show that there is a bijection
from $|A \times B|$ to $|B \times A|$. The map which sends each ordered pair
$(a, b)$ (for $a \in A$, $b \in B$) to $(b, a)$ does the trick.

associativity of addition: Let $\kappa, \lambda, \mu$ be cardinal numbers. Choose
$A, B, C$ such that $\kappa = |A|$, $\lambda = |B|$, $\mu = |C|$. $(|A| + |B|) + |C| =
|A \times \{0\} \cup B \times \{1\}| + |C| = |(A \times \{0\} \cup B \times \{1\}) \times \{0\} \cup C \times \{1\}| =
|\{((a, 0), 0) \mid a \in A\} \cup \{((b, 1), 0) \mid b \in B\} \cup \{(c, 1) \mid c \in C\}|$.

Similarly $|A| + (|B| + |C|) = |\{(a, 0) \mid a \in A\} \cup \{((b, 0), 1) \mid b \in
B\} \cup \{((c, 1), 1) \mid c \in C\}|$.

A bijection from $\{((a, 0), 0) \mid a \in A\} \cup \{((b, 1), 0) \mid b \in B\} \cup
\{(c, 1) \mid c \in C\}$ to $\{(a, 0) \mid a \in A\} \cup \{((b, 0), 1) \mid b \in B\} \cup
\{((c, 1), 1) \mid c \in C\}$ is provided by the union of the map sending
each $((a, 0), 0)$ to $(a, 0)$, the map sending each $((b, 1), 0)$ to
$((b, 0), 1)$ and the map sending each $(c, 1)$ to $((c, 1), 1)$. Each of
these maps is a bijection, they have disjoint domains and disjoint
ranges, so their union is still a bijection. The existence of this
bijection witnesses the desired equation.

Important arithmetic properties of the natural numbers not shared by
general cardinals are the cancellation properties. It is not true in general
that $\kappa + \mu = \lambda + \mu \to \kappa = \lambda$, nor that $\kappa \cdot \mu = \lambda \cdot \mu \wedge \mu \neq 0 \to \kappa = \lambda$. This
means that we do not get sensible notions of subtraction or division.

But the following is a

Theorem: For any cardinals $\kappa, \lambda$ and any natural number $n$, $\kappa + n = \lambda + n \to
\kappa = \lambda$.

Proof: It suffices to prove $\kappa + 1 = \lambda + 1 \to \kappa = \lambda$: the result then follows
by induction.

Suppose $\kappa + 1 = \lambda + 1$. Let $A$ and $B$ be chosen so that $\kappa = |A|$, $\lambda = |B|$,
and neither $A$ nor $B$ is the universal set $V$. Note that if either $A$ or $B$
were the universal set, we could replace it with $V \times \{0\} \sim V$. Choose
$x \notin A$, $y \notin B$. We have $|A \cup \{x\}| = \kappa + 1 = \lambda + 1 = |B \cup \{y\}|$. This means
we can choose a bijection $f : (A \cup \{x\}) \to (B \cup \{y\})$. Either $f(x) = y$
or $f(x) \neq y$. If $f(x) = y$, then $f \lceil A$ is the desired bijection from $A$ to
$B$, witnessing $\kappa = \lambda$. If $f(x) \neq y$, then $f - \{(x, f(x))\} - \{(f^{-1}(y), y)\} \cup
\{(f^{-1}(y), f(x))\}$ is the desired bijection from $A$ to $B$ witnessing $\kappa = \lambda$.
In either case we have established the desired conclusion.
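
The two cases of the proof above, carried out on finite sets as an added Python example (not part of the original text). Bijections are modelled as dictionaries; the names `cancel_one` and `is_bijection` and the sample sets are constructed for illustration.

```python
def is_bijection(g, domain, codomain):
    """True iff the dict g is a one-to-one map from domain onto codomain."""
    values = list(g.values())
    return (set(g) == set(domain)
            and set(values) == set(codomain)
            and len(set(values)) == len(values))


def cancel_one(f, x, y):
    """Turn a bijection f : A ∪ {x} -> B ∪ {y} (x not in A, y not in B)
    into a bijection A -> B, following the two cases of the proof."""
    if x not in f or y not in f.values():
        raise ValueError("x must be in the domain of f and y in its range")
    if len(set(f.values())) != len(f):
        raise ValueError("f is not injective")

    if f[x] == y:
        # Case f(x) = y: the restriction of f to A already works.
        return {a: b for a, b in f.items() if a != x}

    # Case f(x) != y: let a0 = f^{-1}(y), which must lie in A.
    a0 = next(a for a, b in f.items() if b == y)
    g = dict(f)
    fx = g.pop(x)   # remove the pair (x, f(x))
    del g[a0]       # remove the pair (f^{-1}(y), y)
    g[a0] = fx      # add the pair (f^{-1}(y), f(x))
    return g


# Constructed sample data (not from the text).
A = {"a1", "a2", "a3"}
B = {"b1", "b2", "b3"}
F_DIRECT = {"a1": "b1", "a2": "b2", "a3": "b3", "x": "y"}    # f(x) = y
F_CROSSED = {"a1": "b2", "a2": "y", "a3": "b1", "x": "b3"}   # f(x) != y

if __name__ == "__main__":
    for f in (F_DIRECT, F_CROSSED):
        g = cancel_one(f, "x", "y")
        print(g, is_bijection(g, A, B))
```

The code only exercises the finite case; the proof itself makes no finiteness assumption on $A$ and $B$.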

3.11.1 Exercises


1. Prove that $|\mathbb{N}| + 1 = |\mathbb{N}| + |\mathbb{N}| = |\mathbb{N}| \cdot |\mathbb{N}| = |\mathbb{N}|$.

Describe bijections by arithmetic formulas where you can; in any case 
clearly describe how to construct them (these are all familiar results, or 
should be, and all of the bijections can in fact be described algebraically: 
the formula for triangular numbers can be handy for this). I’m looking 
for bijections with domain N and range some more complicated set in 
every case. 

2. Verify the distributive law of multiplication over addition in cardinal
arithmetic,

$|A| \cdot (|B| + |C|) = |A| \cdot |B| + |A| \cdot |C|$,

by writing out explicit sets with the two cardinalities (fun with cartesian
products and labelled disjoint unions!) and explicitly describing the
bijection sending one set to the other. You do not need to prove that
it is a bijection: just describe the sets and the bijection between them
precisely.

3. Prove that $|(A, B)| = |A| + |B|$ if the pair is taken to be a Quine pair.

4. Explain why the relation A ~ B of equinumerousness (equipotence, 
being the same size) is an equivalence relation by citing basic properties 
of bijections. 

The structure of your proof should make it clear that you understand 
what an equivalence relation is. 

You do not need to prove the basic properties of bijections that are 
needed; you need only state them. 

Your proof should also make it clear that you know what A ~ B means. 

What are the equivalence classes under the relation ~ called in type 
theory? 

5. In this problem you will indicate a proof of the associative property of 
multiplication for cardinal numbers. 

Recall that $|A| \cdot |B|$ is defined as $|A \times B|$.

The goal is to prove that $(|A| \cdot |B|) \cdot |C| = |A| \cdot (|B| \cdot |C|)$. Describe
sets of these cardinalities and (carefully) describe a bijection between
them. You do not need to prove that the map is a bijection.

3.12 Number Systems

In this section we give a development of the system of real numbers from the 
typed theory of sets. Part of the point is that this development is not unique 
or canonical in any way: we indicate how alternative developments might 
go. The development is full in the sense that all definitions of mathematical 
structures are given. Not all theorems are proved, though important ones 
are stated. 

We begin with the system $\mathbb{N}^+$ of all nonzero natural numbers. We have
already defined arithmetic operations of addition and multiplication on the
natural numbers, and it is easy to see that $\mathbb{N}^+$ is closed under these
operations.

We now give a construction of the system $\mathbb{Q}^+$ of fractions (positive
rational numbers).

Definition: For $m, n \in \mathbb{N}^+$, we define $m|n$ as $(\exists x \in \mathbb{N}^+.\, m \cdot x = n)$. This is
read “$n$ is divisible by $m$” and we say that $m$ is a factor of $n$.

Definition: For $m, n \in \mathbb{N}^+$, we define $\gcd(m, n)$ as the largest natural
number $x$ which is a factor of $m$ and a factor of $n$. If $\gcd(m, n) = 1$, we say
that $m$ and $n$ are relatively prime.

Theorem: If $m \cdot x = m \cdot y$, then $x = y$, where $m, x, y \in \mathbb{N}^+$.

Definition: If $m \cdot x = n$, we define $\frac{n}{m}$ as $x$ (this is uniquely determined,
if defined, by the previous theorem). Note that this notation will be
superseded after the following definition.

Definition: We define a fraction as an ordered pair $(m, n)$ of nonzero natural
numbers such that $m$ and $n$ are relatively prime. For any ordered
pair $(m, n)$ of nonzero natural numbers, we define simplify$(m, n)$ as
$\left(\frac{m}{\gcd(m,n)}, \frac{n}{\gcd(m,n)}\right)$. Note that simplify$(m, n)$ is a fraction. After this
point, we use the notation $\frac{m}{n}$ to denote simplify$(m, n)$.


Observation: It is more usual to define an equivalence relation $(m, n) \sim
(p, q)$ on ordered pairs of nonzero natural numbers (usually actually
ordered pairs of integers with nonzero second projection) as holding
when $mq = np$ (a proof that this is an equivalence relation is needed)
then define fractions (more usually general rationals) as equivalence
classes under this relation. The construction given here uses canonical
representatives instead of equivalence classes.

Definition: We define $\frac{m}{n} + \frac{p}{q}$ as $\frac{mq + np}{nq}$ and $\frac{m}{n} \cdot \frac{p}{q} = \frac{mp}{nq}$. We define $\frac{m}{n} \leq \frac{p}{q}$
as holding iff $mq \leq np$. We leave it to the reader to prove that these
definitions are valid (do not depend on the choice of representation for
the fractions), that $\leq$ is a linear order, and that addition and
multiplication of fractions have expected properties. The complete familiarity
of these definitions may obscure the fact that work needs to be done
here.

Now we proceed to define the system of magnitudes (positive real num- 
bers). 

Definition: A magnitude is a set m of fractions with the following proper- 
ties. 

1. $m$ and $\mathbb{Q}^+ - m$ are nonempty.

2. $(\forall pq \in \mathbb{Q}^+.\, p \in m \wedge q < p \to q \in m)$: $m$ is downward closed.

3. $(\forall p \in m.(\exists q \in m.\, p < q))$: $m$ has no largest element.

The motivation here is that for any positive real number r (as usually 
understood prior to set theory) the intersection of the interval (0, r) with 
the set of positive rationals uniquely determines r (and of course is uniquely 
determined by r) and any set of positive rationals m with the properties given 
above will turn out to be the intersection of the set of positive rationals and 
(0, sup m ). 

Definition: For magnitudes $m$ and $n$, we define $m + n$ as

$\{p + q \mid p \in m \wedge q \in n\}$

and $m \cdot n$ as

$\{p \cdot q \mid p \in m \wedge q \in n\}$.

We define $m \leq n$ as $m \subseteq n$. We leave it to the reader to prove
that addition and multiplication of magnitudes always yield magnitudes
and that these operations and the order relation have the expected
properties.

This is where the payoff of our particular approach is found. It is more
usual to use intersections of intervals $(-\infty, r)$ with all the rationals (positive,
negative and zero) to represent the reals; with this representation of reals the
definition of multiplication is horrible.

We cite a

Theorem: If $m + x = m + y$ then $x = y$, for magnitudes $m, x, y$.

Definition: If $m + x = n$, we define $n - m$ as $x$ (uniqueness of $n - m$ if
it exists follows from the previous theorem). This definition will be
superseded by the following definition.

Definition: We define a real number as an ordered pair of magnitudes one
of which is equal to 1 (where the magnitude 1 is the set of all fractions
less than the fraction $1 = \frac{1}{1}$). For any pair of magnitudes $(x, y)$, we
define simp$(x, y)$ as $((x + 1) - \min(x, y), (y + 1) - \min(x, y))$. Notice
that simp$(x, y)$ will be a real number. Denote simp$(x, y)$ by $x - y$
(superseding the previous definition).

Definition: We define $(x - y) + (u - v)$ as $(x + u) - (y + v)$. We define
$(x - y) \cdot (u - v)$ as $(xu + yv) - (xv + yu)$. We define $x - y \leq u - v$ as holding
precisely when $x + v \leq y + u$. We leave it to the reader to establish that
everything here is independent of the specific representation of $x - y$
and $u - v$ used, and that the operations and the order relation have
expected properties.
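
The canonical representation simp$(x, y)$ and the three definitions above, as an added Python example (not part of the original text). It assumes positive rationals (`fractions.Fraction`) as stand-ins for magnitudes, which in the text are sets of fractions; the function names are chosen here for illustration.

```python
from fractions import Fraction


def simp(x, y):
    """Canonical representative of the formal difference x - y.

    Adding 1 before subtracting min(x, y) keeps both components positive,
    so only subtraction of magnitudes is needed; one component is always 1.
    """
    if x <= 0 or y <= 0:
        raise ValueError("magnitudes are positive")
    m = min(x, y)
    return ((x + 1) - m, (y + 1) - m)


def add(r, s):
    """(x - y) + (u - v) = (x + u) - (y + v)."""
    (x, y), (u, v) = r, s
    return simp(x + u, y + v)


def mul(r, s):
    """(x - y) * (u - v) = (xu + yv) - (xv + yu); no negative quantity appears."""
    (x, y), (u, v) = r, s
    return simp(x * u + y * v, x * v + y * u)


def le(r, s):
    """x - y <= u - v holds precisely when x + v <= y + u."""
    (x, y), (u, v) = r, s
    return x + v <= y + u


def neg(r):
    """-(x - y) = y - x; swapping a canonical pair stays canonical."""
    x, y = r
    return (y, x)


# Constructed sample values (rational stand-ins for magnitudes).
ONE = Fraction(1)
ZERO = simp(ONE, ONE)                        # the real number 1 - 1
MINUS_TWO = simp(Fraction(3), Fraction(5))   # 3 - 5, stored as (1, 3)
TWO = simp(Fraction(5), Fraction(3))         # 5 - 3, stored as (3, 1)

if __name__ == "__main__":
    print(MINUS_TWO, TWO, mul(MINUS_TWO, TWO), add(MINUS_TWO, TWO))
```

Different pairs with the same difference, such as $(3, 5)$ and $(7/2, 11/2)$, simplify to the same canonical pair, which is what lets the construction avoid equivalence classes.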

A considerable amount of overloading is found here. Addition, multipli- 
cation and order are already defined for nonzero natural numbers when we 
start. In each system, addition, multiplication, and order are defined: these 
are different operations and relations in each system. Names of nonzero nat- 
ural numbers, fractions, and magnitudes are also overloaded: the natural 
number $n$ is confused with the fraction $\frac{n}{1}$ but it is not the same object, and
similarly the magnitude $\{q \in \mathbb{Q}^+ \mid q < p\}$ is not the same object as the
fraction $p$, and the real number $(m + 1) - 1$ is not the same object as the
magnitude $m$, though in each case we systematically confuse them.

Certain important subsystems do not have a place in our development 
though they do in more usual developments. 

Definition: We define the real number 0 as $1 - 1$. For each real number
$r = x - y$ we define $-r$ as $y - x$. We define $r - s$ as $r + (-s)$ for reals
$r$ and $s$.

Definition: We define the set of integers $\mathbb{Z}$ as the union of the set of all
(real numbers identified with) nonzero naturals, $\{0\}$, and the set of all
additive inverses $-n$ of (real numbers identified with) nonzero naturals
$n$.

Definition: We define the set of rationals $\mathbb{Q}$ as the union of the set of
all (real numbers identified with) fractions $p$, $\{0\}$, and the set of all
additive inverses $-p$ of (real numbers identified with) fractions $p$.

Definition: For any fraction $q = \frac{m}{n}$ we define $q^{-1}$ as $\frac{n}{m}$. For any magnitude
$m$, we define $m^{-1}$ as $\{q^{-1} \mid q \notin m\}$. It is straightforward to prove
that $m^{-1}$ is a magnitude and $m \cdot m^{-1} = 1$ for each $m$. Now define the
reciprocal operation for reals: $((m + 1) - 1)^{-1} = (m^{-1} + 1) - 1$ and
$(1 - (m + 1))^{-1} = 1 - (m^{-1} + 1)$ for each magnitude $m$, while $(1 - 1)^{-1}$
is undefined. It can be proved that $r \cdot r^{-1} = 1$ for each real $r \neq 0$.
Finally, we define $\frac{r}{s}$ as $r \cdot s^{-1}$ for any real $r$ and nonzero real $s$.

We noted above that we have avoided the use of equivalence classes of 
ordered pairs at the steps passing to fractions and to signed real numbers, 
preferring to use canonical representatives. Simplification of fractions is of 
course a familiar mathematical idea; the canonical representation of reals we 
use is less obvious but works just as well. 

In this development we have followed the prejudices of the ancient Greeks 
as far as possible, delaying the introduction of zero or negative quantities to 
the last step. 

The reals as defined here satisfy the following familiar axioms of a “com-
plete ordered field”. Up to a suitable notion of isomorphism, the reals are 
the only complete ordered field. 

commutative laws: $a + b = b + a$; $a \cdot b = b \cdot a$.

associative laws: $(a + b) + c = a + (b + c)$; $(a \cdot b) \cdot c = a \cdot (b \cdot c)$.

distributive law: $a \cdot (b + c) = a \cdot b + a \cdot c$.

identity laws: $a + 0 = a$; $a \cdot 1 = a$.

inverse laws: $a + (-a) = 0$; $a \cdot a^{-1} = 1$ if $a \neq 0$.

nontriviality: $0 \neq 1$

closure of positive numbers: If $a > 0$ and $b > 0$ then $a + b > 0$ and
$a \cdot b > 0$. [note that $a > 0$ is a primitive notion at this point in the
development: the reals of the form $r = (m + 1) - 1$ are the ones for
which we assert $r > 0$].

trichotomy: For each real number a, exactly one of the following is true: 
a > 0, a = 0, —a > 0. 

Definition: a < b iff b + (—a) > 0. 

Theorem: < thus defined is a linear order. 

completeness: Any nonempty set of reals which is bounded above (in terms 
of the order just defined) has a least upper bound. 

3.13 Well-Orderings and Ordinal Numbers

We recall that a well-ordering is a linear order with the property that the
corresponding strict partial order is well-founded.

Definition: A well-ordering is a linear order $\leq$ with the property that for
each nonempty subset $A$ of $\mathrm{fld}(\leq)$ there is $a \in A$ such that there is no
$b \neq a$ in $A$ such that $b \leq a$: such an $a$ is a minimal element of $A$ (in
fact, the minimal element is unique because $\leq$ is linear).

In this section, we study the structure of well-orderings. In this section
we state and prove powerful and highly abstract theorems: for some concrete
discussion of ordinal numbers, look toward the end of the next section.

Definition: Two relations $R$ and $S$ are said to be isomorphic iff there is
a bijection $f$ from $\mathrm{fld}(R)$ to $\mathrm{fld}(S)$ such that for all $x, y$, $x \mathrel{R} y \leftrightarrow
f(x) \mathrel{S} f(y)$. $f$ is said to be an isomorphism from $R$ to $S$. We write
$R \approx S$ for “$R$ is isomorphic to $S$”.

Theorem: Isomorphism is an equivalence relation on relations. 

Definition: An equivalence class under isomorphism is called an isomor- 
phism type. 

Definition: Well-orderings are said to be similar iff they are isomorphic. 

Theorem: A relation isomorphic to a well-ordering is a well-ordering. 

Definition: The isomorphism type of a well-ordering is called its order type.
We write $\mathrm{ot}(\leq)$ for the order type $[\leq]_{\approx}$ of $\leq$. A set is an ordinal number
iff it is the order type of some well-ordering. The set of all ordinal
numbers is called Ord.

There are few well-orderings familiar to us from undergraduate mathematics. 

Any finite linear order is a well-ordering. 

Theorem: For any $n \in \mathbb{N}$, any two linear orders with field of size $n$ are
isomorphic and are well-orderings. 

Theorem: A well-ordering is finite iff its converse is also a well-ordering. 

Our use of “finite” in the previous theorem might cause confusion, 
which will be alleviated by considering the following 

Lemma: A relation (considered as a set) is finite iff its field is finite.

Definition (finite ordinals): For each natural number n, there is a unique 
ordinal number which is the order type of all orders with range of that 
cardinality: we also write this ordinal number as n, though it is not 
the same object as the cardinal number n. 

An amusing observation, depending crucially on the exact details of our 
implementation, is the following relationship between ordinal and cardinal 
numbers. 

Theorem: The ordinal number $n$ is a subset of the cardinal number $\frac{n(n+1)}{2}$.

In the usual untyped set theory, with the usual implementations of the 
notions of ordinal and cardinal number, the finite cardinals and the finite 
ordinals are the same objects. We will see this in section 4. 

The usual order on the natural numbers is a well-ordering. The usual 
orders on the integers, rationals and reals are not well-orderings. Another 
example of an infinite well-ordering which is familiar from calculus is the 
order on reals restricted to the range of a strictly increasing bounded sequence 
taken together with its limit. 

Definition: We define $\omega$ as the order type of the natural order on the natural
numbers. 

We give some basic definitions for arithmetic of ordinal numbers. 

Definition (ordinal addition): For well-orderings $R$ and $S$, we define
another well-ordering $R \oplus S$. The field of $R \oplus S$ is $\mathrm{fld}(R) \times \{0\} \cup \mathrm{fld}(S) \times
\{1\}$. $(x, i) \mathrel{(R \oplus S)} (y, j)$ is defined as $i < j \vee i = 0 \wedge j = 0 \wedge x \mathrel{R} y \vee i =
1 \wedge j = 1 \wedge x \mathrel{S} y$. Intuitively, we make disjoint orders of types $R$ and
$S$ and put the order of type $R$ in front of the order of type $S$. Finally,
we define $\alpha + \beta$ for ordinals $\alpha$ and $\beta$ as $\mathrm{ot}(R \oplus S)$ for any $R \in \alpha$ and
$S \in \beta$.

Another way to put this: for any relation $R$, define $R_x$ as $\{((a, x), (b, x)) \mid
a \mathrel{R} b\}$. Notice that $R \approx R_x$ for any $R$ and $x$ and $R_x \cap S_y = \emptyset$ for any
$R$ and $S$ and any distinct $x$ and $y$. For any ordinals $\alpha, \beta$ define $\alpha + \beta$
as $\mathrm{ot}(R_0 \cup (\mathrm{fld}(R_0) \times \mathrm{fld}(S_1)) \cup S_1)$ where $R \in \alpha$ and $S \in \beta$. It is
straightforward to establish that $R_0 \cup (\mathrm{fld}(R_0) \times \mathrm{fld}(S_1)) \cup S_1$ is a
well-ordering and that its order type does not depend on which
representatives $R$ and $S$ are chosen from $\alpha$ and $\beta$.

Discussion: An order of type $\omega + 1$ is readily obtained: define $x \leq' y$ as

$x \in \mathbb{N} \wedge y \in \mathbb{N} \wedge 0 < x \leq y \vee y = 0$.

In effect, we move 0 from its position at the beginning of the order to 
the end. This is the same order type as that of a strictly increasing 
sequence taken together with its limit, which we mentioned above. 

The relation <' is not isomorphic to the usual < on the natural num- 
bers. An easy way to see this is that there is a <'-largest element of 
the field of <', and this is a property of relations which is preserved by 
isomorphism: if <'«< were witnessed by an isomorphism / then /( 0) 
would have to be the <-largest natural number, and there is no such 
natural number. 

Further, the field of <' is the same size as the field of < (in fact, it 
is the same set!): so the theorem that there is a unique order type of 
well-orderings of each finite cardinality n does not generalize to infinite 
cardinalities. 

Observe that an order of type to+to is a still more complex well-ordering 
with field the same size as the field of a relation of type to. A concrete 
example of such an order would be the order 

{{x,y) G N 2 | 2\(x -y) Ax <yV 2 J(x A2\ y}, 

which puts the odd and even numbers in their usual respective orders 
but puts all the odd numbers before all the even numbers. 

Definition (ordinal multiplication): For well-orderings $R$ and $S$, we define
another well-ordering $R \otimes S$. The field of $R \otimes S$ is
$\mathrm{fld}(R) \times \mathrm{fld}(S)$.
$\langle x,y\rangle \,(R \otimes S)\, \langle u,v\rangle$ is defined as
$u\,S\,v \vee u = v \wedge x\,R\,y$. This is reverse lexicographic order on the
cartesian product of the fields of the relations. Finally, we define
$\alpha \cdot \beta$ for ordinals $\alpha$ and $\beta$ as
$\mathrm{ot}(R \otimes S)$ for any $R \in \alpha$ and $S \in \beta$.

The order $\omega \cdot \omega$ is a still more complex order type whose field is
the same size as that of any relation of order type $\omega$. There are very
complicated well-orderings with countable fields (whose order types
are called countable ordinals).

The algebra of ordinal numbers contains surprises. Some algebraic laws
do work much as expected, but some basic laws are not inherited from the
algebra of natural numbers. For example, $\omega + 1 \neq 1 + \omega = \omega$
and $\omega \cdot 2 \neq 2 \cdot \omega = \omega$.
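
Worked example (added here, not part of the original notes): the two laws just
stated, checked directly from the definitions of $R \oplus S$ and $R \otimes S$
above. Here $\leq$ is the usual order on $\mathbb{N}$, and the one-element and
two-element orders are representatives chosen for this example.

For $1 + \omega$, take $R = \{\langle 0,0\rangle\}$ (of type 1) and $S$ the order
$\leq$ (of type $\omega$). The field of $R \oplus S$ is
$\{\langle 0,0\rangle\} \cup \{\langle n,1\rangle \mid n \in \mathbb{N}\}$;
$\langle 0,0\rangle$ comes before every $\langle n,1\rangle$, and
$\langle m,1\rangle \,(R \oplus S)\, \langle n,1\rangle$ holds iff $m \leq n$.
Define $h(\langle 0,0\rangle) = 0$ and $h(\langle n,1\rangle) = n + 1$. Then $h$
is a bijection from the field of $R \oplus S$ onto $\mathbb{N}$ and
$p \,(R \oplus S)\, q \leftrightarrow h(p) \leq h(q)$, so
$R \oplus S \approx\ \leq$ and $1 + \omega = \omega$. In the other order,
$S \oplus R$ has the largest element $\langle 0,1\rangle$ while $\leq$ has no
largest element, so $\omega + 1 \neq \omega$.

For $2 \cdot \omega$, take $R$ the usual order on $\{0,1\}$ and $S$ the order
$\leq$. The field of $R \otimes S$ is $\{0,1\} \times \mathbb{N}$, and in reverse
lexicographic order $\langle i,m\rangle$ comes at or before $\langle j,n\rangle$
iff $m < n$, or $m = n$ and $i \leq j$. Define $k(\langle i,m\rangle) = 2m + i$.
Then $k$ is a bijection onto $\mathbb{N}$, and for $i, j \in \{0,1\}$ we have
$2m + i \leq 2n + j$ iff $m < n$, or $m = n$ and $i \leq j$; so
$R \otimes S \approx\ \leq$ and $2 \cdot \omega = \omega$. In the other order,
$S \otimes R$ has field $\mathbb{N} \times \{0,1\}$ and consists of all the
$\langle m,0\rangle$ in their usual order followed by all the
$\langle m,1\rangle$ in their usual order. The element $\langle 0,1\rangle$ has
infinitely many predecessors, which no element of $\leq$ has, and this property
is preserved by isomorphism, so $\omega \cdot 2 \neq \omega$.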

We now study the natural order relation on the ordinal numbers, which
turns out to be a well-ordering itself (at a higher type).

Definition: If $\leq$ is a partial order and $x \in \mathrm{fld}(\leq)$, we define
$\mathrm{seg}_\leq(x)$ as $\{y \mid y < x\}$ (where $<$ is the strict partial
order $[\leq] - [=]$). $\mathrm{seg}_\leq(x)$ is the segment determined by $x$.
We define $\leq_x$ as $[\leq] \cap \mathrm{seg}_\leq(x)^2$; this is
the segment restriction of $\leq$ determined by $x$.

Theorem: If $\leq$ is a well-ordering and $x \in \mathrm{fld}(\leq)$ then $\leq_x$
is a well-ordering.

Lemma: No well-ordering is isomorphic to one of its own segment restrictions.

Proof: Suppose that $\leq$ is a well-ordering, $x$ is in the field of $\leq$, and
$\leq\ \approx (\leq)_x$ is witnessed by an isomorphism $f$. Since
$f(x) \neq x$ is obvious ($x$ is not in the range of $f$!), there must be a
$\leq$-least $y$ such that $f(y) \neq y$. Let $A = \mathrm{seg}_\leq(y)$. Each
element of $A$ is fixed by $f$. In $\leq$, $y$ is the least object greater than
all elements of $A$. In $(\leq)_x$, $f(y)$ is the least object greater than all
elements of $A$. The two orders agree on the common part of their field. Since
$f(y)$ is certainly in the field of $\leq$, we have $y \leq f(y)$ (as otherwise
$f(y)$ would be a smaller strict upper bound for $A$ in $\leq$). Since
$y \leq f(y)$, we have $y$ in the field of $(\leq)_x$, and $f(y) \leq y$, as
otherwise $y$ would be a smaller strict upper bound for $A$ in $(\leq)_x$. So
$y = f(y)$, which is a contradiction.

Corollary: No two distinct segment restrictions of the same well-ordering 
can be isomorphic to one another. 

Proof: One of them would be a segment restriction of the other. 

Definition: We say that a subset $D$ of the field of a well-ordering $\leq$ is
“downward closed in $\leq$” iff $(\forall d \in D.(\forall e < d. e \in D))$.

Lemma: For any well-ordering $\leq$, a set downward closed in $\leq$ is either the
field of $\leq$ or a segment in $\leq$.

Proof: Let $D$ be a set downward closed in $\leq$. If $x$ belongs to the field of
$\leq$ but does not belong to $D$, then $d < x$ must be true for all $d \in D$,
as otherwise we would have $x < d \in D$, from which $x \in D$ would
follow. This means that if $D$ has no strict upper bound, it must be the
entire field of $\leq$. If $D$ does have a strict upper bound, it must have a
$\leq$-least strict upper bound $x$ because $\leq$ is a well-ordering. We claim
that $D = \mathrm{seg}_\leq(x)$ in this case. If $y \in \mathrm{seg}_\leq(x)$,
then $y$ cannot be a strict upper bound of $D$ because $x$ is the least strict
upper bound of $D$, and so $y$ must be an element of $D$. If $y$ is an element of
$D$, then $y$ must be less than $x$ because $x$ is a strict upper bound of $D$,
that is, $y$ is an element of $\mathrm{seg}_\leq(x)$. Sets with the same elements
are the same.

Theorem: If $\leq_1$ and $\leq_2$ are well-orderings, then exactly one of three
things is true: either $\leq_1$ and $\leq_2$ are isomorphic, or $\leq_1$ is
isomorphic to a segment restriction $(\leq_2)_x$, or $\leq_2$ is isomorphic to a
segment restriction $(\leq_1)_x$.

Proof: Let $\leq_1$ be a well-ordering with field $A$. Let $\leq_2$ be a
well-ordering with field $B$. Define $C$ as
$\{a \in A \mid \neg(\exists b \in B.(\leq_1)_a \approx (\leq_2)_b)\}$, the
set of all elements of the field of $\leq_1$ whose segment restrictions are not
isomorphic to a segment restriction in $\leq_2$. If $C$ is nonempty, it has a
least element $c$. Each $d <_1 c$ does not belong to $C$, because $c$ is the
$\leq_1$-least element of $C$. Thus, by the definition of $C$, there is an
$e \in B$ such that $(\leq_1)_d \approx (\leq_2)_e$. There can be only one such
$e$ because no two segment restrictions of the same well-ordering can be
isomorphic to each other. Thus there is a function $F$ which maps each
$d <_1 c$ to the unique $e$ such that $(\leq_1)_d \approx (\leq_2)_e$. We claim
that $F$ is an isomorphism from $(\leq_1)_c$ to $\leq_2$. This breaks down into
three subclaims: $F$ is an injection, $F$ is order-preserving, and the range of
$F$ is $B$. For each $d <_1 c$, we have an isomorphism $f$ witnessing
$(\leq_1)_d \approx (\leq_2)_{F(d)}$. For each $d' < d$, the restriction of $f$
to $\mathrm{seg}_{\leq_1}(d')$ is an isomorphism from $(\leq_1)_{d'}$ to
$(\leq_2)_{f(d')}$, so in fact $F(d') = f(d')$. Because the range of $f$ is the
segment in $\leq_2$ determined by $F(d)$, we have $F(d') = f(d') < F(d)$. This
shows both that $F$ is order preserving and that it is a bijection. Further, it
shows that the range of $F$ is downward closed, as we see that the restriction
of $F$ to the segment determined by $d$ is the isomorphism from the segment
determined by $d$ to the segment determined by $F(d)$. Since the range of $F$
is downward closed, it must be either $B$ or some $\mathrm{seg}_{\leq_2}(x)$, so
$F$ is either an isomorphism from $(\leq_1)_c$ to $\leq_2$ or an isomorphism
from $(\leq_1)_c$ to some $(\leq_2)_x$. The latter case is impossible by the
definition of $c$, so we must actually have $F$ an isomorphism from
$(\leq_1)_c$ to $\leq_2$, establishing the Theorem in this case. If the set $C$
is empty, then for every $a \in A$ there is $b \in B$ such that
$(\leq_1)_a \approx (\leq_2)_b$. This $b$ must be unique as no two distinct
segment restrictions of $\leq_2$ can be isomorphic. For each $a \in A$, we
define $F(a)$ as the unique $b$ such that $(\leq_1)_a \approx (\leq_2)_b$.
Exactly the same argument just given shows that $F$ is a bijection,
order-preserving, and has a downward closed range. From this it follows just
as in the first case that $F$ is an isomorphism from $\leq_1$ to either
$\leq_2$ or some $(\leq_2)_x$, establishing that the Theorem is true in this
case. If $\leq_1 \approx \leq_2$ then we cannot have either
$(\leq_1)_x \approx \leq_2$ or $(\leq_2)_x \approx \leq_1$ because a
well-ordering cannot be similar to one of its segment restrictions. If we had
$\leq_1 \approx (\leq_2)_x$, and further had $\leq_2 \approx (\leq_1)_y$,
witnessed by an isomorphism $g$, then we would have
$\leq_1 \approx (\leq_1)_{g(x)}$, which is impossible. This establishes that
only one of the three cases can hold.

Definition: If $\alpha$ and $\beta$ are ordinal numbers, we define
$\alpha \leq \beta$ as holding iff either $\alpha = \beta$ or each element of
$\alpha$ is isomorphic to a segment restriction in each element of $\beta$.

Theorem: The relation $\leq$ defined on ordinal numbers in the previous
definition is a well-ordering. Where it is necessary to distinguish it from
other orders, we write it $\leq_\Omega$. $\mathrm{ot}(\leq_\Omega)$ is called
$\Omega$: notice that $\Omega$ is not of the same type as the ordinals in the
field of the relation of which it is the order type (it is 2 types higher; it
would be 4 types higher if we defined well-orderings using the Kuratowski pair).

Proof: Let $\alpha$ and $\beta$ be ordinals. If $\leq_1 \in \alpha$ and
$\leq_2 \in \beta$, then either $\leq_1 \approx \leq_2$, in which case
$\alpha = \beta$, or $\leq_1$ is isomorphic to a segment restriction in
$\leq_2$, in which case the same is true for any $\leq_1' \approx \leq_1$ and
$\leq_2' \approx \leq_2$, or $\leq_2$ is isomorphic to a segment restriction in
$\leq_1$, in which case the same is true for any $\leq_2' \approx \leq_2$ and
$\leq_1' \approx \leq_1$. If more than one of these alternatives held for any
pair of well-orderings, one of them could be shown to be isomorphic to one of
its own segment restrictions. Certainly $\alpha \leq \alpha$, so the $\leq$
relation on ordinals is reflexive. If $\alpha \leq \beta$ and
$\beta \leq \alpha$ this must be witnessed by isomorphisms between
$\leq_1 \in \alpha$ and $\leq_2 \in \beta$ in both directions, or once again we
would have one of these well-orderings isomorphic to a segment restriction of
itself. So the $\leq$ relation on ordinals is antisymmetric. If we have
$\alpha \leq \beta$ and $\beta \leq \gamma$ and we choose
$\leq_1, \leq_2, \leq_3$ in $\alpha, \beta, \gamma$ respectively, we have
$\leq_1$ isomorphic to $\leq_2$ or a segment restriction thereof, and $\leq_2$
isomorphic to $\leq_3$ or a segment restriction thereof, and composition of
isomorphisms gives us an isomorphism from $\leq_1$ to $\leq_3$ or a segment
restriction thereof, thus $\alpha \leq \gamma$, so the $\leq$ relation on
ordinals is transitive and is a linear order. Now let $A$ be a nonempty set of
ordinals. Let $\alpha \in A$. Let $\leq_1 \in \alpha$ have field $A$. Consider
the set $B$ of all $a \in A$ such that $(\leq_1)_a$ belongs to some element of
$A$. If $B$ is empty, then $\alpha$ is the $\leq$-smallest element of $A$. If
$B$ is nonempty, choose the smallest $a$ in $B$: $\mathrm{ot}((\leq_1)_a)$ is
the $\leq$-smallest element of $A$. So the relation $\leq$ on the ordinal
numbers is a well-ordering, which is what we set out to prove.
3.13.1 Exercises

1. Some linear orders are listed. For each one, state (correctly) that it is 
a well-ordering or that it is not. If it is not, explain precisely why it is 
not (this means give an example of something). If it is, give its order 
type (an ordinal number). 

(a) $\emptyset$

(b) the standard order on the integers restricted to
$\{x \in \mathbb{Z} \mid -2 < x < 2\}$

(c) the standard order on the integers restricted to
$\{x \in \mathbb{Z} \mid x < 0\}$

(d) the standard order on the rationals restricted to {-pi | n G N} U 
{1} 

(e) the standard order on the rationals restricted to j n g jqj. y 
{1} 

(f) the standard order on the reals restricted to the interval [0, 1] 

2. Prove that for any natural number n, any two linear orders with a field 
of size n are isomorphic, and all such linear orders are well-orderings. 
(How do we prove anything about natural numbers?) 

3. Prove that if $R$ and $S$ are well-orderings, so is $R \oplus S$. You need to
prove that it is a linear order (which will probably require some reasoning by
cases) and prove that it has the additional defining property of a
well-ordering.

Now that you are filled with self-confidence, do the same for $R \otimes S$.

4. Define sets of real numbers such that the restriction of the standard 
order on the real numbers to that set has each of the following order 
types: 

(a) $\omega + 1$

(b) $\omega \cdot 3$

(c) $3 \cdot \omega$

(d) $\omega \cdot \omega$

(e) $\omega \cdot \omega \cdot \omega$ (OK I suppose this is nasty, but see if you can do it)
5. Prove your choice of the two following annoying propositions (these are
annoying in the sense that they are straightforward (even “obvious”) 
but there is a good deal to write down). 

(a) Isomorphism is an equivalence relation on relations. 

(b) A relation isomorphic to a well-ordering is a well-ordering. 
3.14 Transfinite Induction and Recursion

The following theorem is an analogue of mathematical induction for the or- 
dinals. 

Transfinite Induction Theorem: Suppose $A$ is a set of ordinals with the
following property:
$(\forall \alpha \in \mathrm{Ord}.(\forall \beta < \alpha. \beta \in A) \to \alpha \in A)$.
Then $A = \mathrm{Ord}$.

Proof: If $A \neq \mathrm{Ord}$, then $\mathrm{Ord} - A$ is a nonempty set and so
contains a least ordinal $\alpha$. But then obviously
$(\forall \beta < \alpha. \beta \in A)$, so $\alpha \in A$ by
assumption, which is a contradiction.

Transfinite Induction Theorem (bounded form): Suppose $A$ is a set
of ordinals with the following property:
$(\forall \alpha < \gamma.(\forall \beta < \alpha. \beta \in A) \to \alpha \in A)$.
Then $(\forall \alpha < \gamma. \alpha \in A)$.

Transfinite Induction Theorem (property form): Suppose $\phi[\alpha]$ is a
formula such that
$(\forall \alpha \in \mathrm{Ord}.(\forall \beta < \alpha. \phi[\beta]) \to \phi[\alpha])$.
Then $(\forall \alpha \in \mathrm{Ord}. \phi[\alpha])$.

This looks like the theorem of strong induction for the natural numbers. 
We can make it look a bit more like the usual formulation of induction by 
defining some operations on ordinals. The alternative forms are easy to prove 
and are relevant to untyped set theory where there is no set containing all 
ordinals. [The property form would have to be restated using a predicate 
$\mathrm{Ord}(x)$ in place of a set of all ordinals to prove theorems about all ordinals
in a context where there is no set of all ordinals.] 

zero: We define 0 as the smallest ordinal (the order type of the empty
well-ordering).

successor: For any ordinal $\alpha$, we define the successor of $\alpha$ as the
smallest ordinal greater than $\alpha$. No special notation is needed for
successor, since it is easy to show that the successor of $\alpha$ is
$\alpha + 1$. Every ordinal has a successor: for any infinite ordinal $\alpha$
containing a well-ordering $W$ with minimal element $x$,
$\mathrm{ot}(W - (\{x\} \times \mathrm{fld}(W)) \cup (\mathrm{fld}(W) \times \{x\}))$
is $\alpha + 1$: the new order is obtained by moving the minimal element of
$W$ from bottom to top of the order.

limit ordinal: A nonzero ordinal which is not a successor is called a limit
ordinal.

Now we give a different formulation of Transfinite Induction. 

Transfinite Induction Theorem: Suppose that $A$ is a set of ordinals such
that $0 \in A$, for every ordinal $\alpha \in A$ we also have
$\alpha + 1 \in A$, and for any limit ordinal $\lambda$ such that for all
$\beta < \lambda$ we have $\beta \in A$, we also have $\lambda \in A$. Then
$A = \mathrm{Ord}$.

Proof: Again, consider the smallest element of the complement of $A$ (there
must be a smallest if there is any). It cannot be 0 because $0 \in A$.
It cannot be a successor (because its predecessor would be in $A$, so
it would be in $A$). It cannot be a limit (because everything below it
would be in $A$, so it would be in $A$). These are the only possibilities.

We now give an extended example of proof by transfinite induction. For 
purposes of this example, we assume familiarity with the real numbers at the 
usual undergraduate level. We have seen in an earlier section of these notes 
how to construct the real numbers in our type theory; mod omitted proofs 
we are warranted in assuming that they are available at some type and have 
familiar properties. 

Definition: We say that an ordinal $\alpha$ is a countable ordinal iff the
relations which belong to it have countably infinite fields.

Lemma: For any countable ordinal $\alpha$, there is a function
$f : \mathbb{N} \to \mathrm{Ord}$ such that for natural numbers $i < j$ we have
$f(i) < f(j)$, $f(i) < \alpha$ for all $i$, and $\alpha$ is the least ordinal
greater than all $f(i)$’s. More briefly, $f$ is a strictly increasing sequence
of ordinals whose least upper bound is $\alpha$. We will reserve the right to
use the usual notation for sequences, writing $f(i) = \alpha_i$.

Proof of Lemma: Let $\alpha$ be a countable ordinal, and let $\leq$ be a fixed
well-ordering of type $\alpha$ with field $A$. Because $\alpha$ is a countable
ordinal, there is an enumeration $a_i$ of the set $A$ (the function
$i \in \mathbb{N} \mapsto a_i$ being a bijection from $\mathbb{N}$ to $A$). We
define a sequence $b_i$ recursively as follows: $b_0 = a_0$. Once $b_i$ has been
defined as $a_j$, we define $b_{i+1}$ as $a_k$, where $k$ is the least natural
number such that $a_j < a_k$. The sequence $b$ is strictly increasing, and every
element of $A$ is $\leq$-dominated by some element of the range of this
sequence (because $a_k \leq b_k$ for every natural number $k$, as is easy to
prove by induction). We can thus define $f(i) = \alpha_i$ as
$\mathrm{ot}((\leq)_{b_i})$: these ordinals are clearly all less than the order
type $\alpha$ of $\leq$, they increase strictly as the index increases, and any
ordinal less than $\alpha$, being the order type of some $(\leq)_{a_k}$, is
dominated by some $\alpha_k$.

Definition: For any subset $X$ of the interval $(0, 1]$ in the reals and any
$a < b$ real numbers, we define $X_{[a,b]}$ as
$\{(1 - x)a + xb \mid x \in X\}$. This is a scaled copy of $X$ in the interval
$[a, b]$.

For any function $f$ from $\mathbb{N}$ to $\mathcal{P}((0, 1])$ (infinite
sequence of subsets of $(0, 1]$), define $f^*$ as
$\bigcup\{f(n)_{[1 - 2^{-n},\, 1 - 2^{-n-1}]} \mid n \in \mathbb{N}\}$. This
construction allows me to put together scaled copies of the infinite sequence
of sets $f(n)$, so that the scaled copies are disjoint and appear in the same
order that the sets appear in the sequence.

Theorem: For any finite or countable ordinal $\alpha$, we can find a set of
reals $A_\alpha \subseteq (0, 1]$ such that the order type of the restriction of
the usual linear order on the reals to $A_\alpha$ is a well-ordering of order
type $\alpha$.

Proof: We break the proof into three cases: $\alpha = 0$, $\alpha = \beta + 1$
for some $\beta$, or $\alpha$ a limit ordinal.

In any of these cases, we assume that sets $A_\beta \subseteq (0, 1]$ of reals
such that the usual order on the reals restricted to $A_\beta$ has order type
$\beta$ exist for each ordinal $\beta < \alpha$. Our goal is to show we can find
a set of reals $A_\alpha$ such that the order type of the restriction of the
usual linear order on the reals to $A_\alpha$ is a well-ordering of order type
$\alpha$.

If $\alpha = 0$, $A_\alpha = \emptyset$ is a subset of the reals such that the
restriction of the natural order on the reals to this set has order type
$\alpha = 0$.

If $\alpha = \beta + 1$, we assume the existence of $A_\beta$ as above. The set
$(A_\beta)_{[0, \frac{1}{2}]} \cup \{1\}$ has the desired properties: the order
type of the natural order on the reals restricted to this set is clearly
$\beta + 1$.

If $\alpha$ is a limit ordinal, we have two cases to consider. If $\alpha$ is
not a countable ordinal, we have nothing to prove. If $\alpha$ is a countable
ordinal, we select a strictly increasing sequence $\alpha_i$ such that the least
upper bound of its range is $\alpha$, as a Lemma above shows we are entitled to
do. For each $\alpha_i$, we are given a set $A_{\alpha_i} \subseteq (0, 1]$ of
reals with associated order type $\alpha_i$. For each $i$, we select a subset
$A'_{\alpha_i}$ of $A_{\alpha_i}$ which we now define. $A'_{\alpha_0}$ is defined
as $A_{\alpha_0}$. For each $i$, $\leq_{\mathbb{R}} \lceil A_{\alpha_{i+1}}$ has
a unique segment restriction of order type $\alpha_i$. $A'_{\alpha_{i+1}}$ is
obtained by subtracting the field of this segment restriction from
$A_{\alpha_{i+1}}$. Define $f(i)$ as $A'_{\alpha_i}$ and the set $f^*$ will be
the desired set: this is the union of linearly scaled copies of all the
$A'_{\alpha_i}$’s, made successively smaller so they will all fit into
$(0, 1]$. It should be clear that the union of such linearly scaled copies
has order type $\alpha$.

Theorem: Any ordinal $\alpha$ which is the order type of the natural order on a
subset $A$ of the reals is finite or countable.

Proof: Given such an ordinal $\alpha$ and set $A$, we construct a set $A'$ such
that the natural order on $A'$ also has order type $\alpha$ and all elements of
$A'$ are rational numbers (so $A'$ must be finite or countable). For each
element $a \in A$, either $a$ is the largest element of $A$ or there is a first
element $a'$ of $A$ which is greater than $a$. This is true because $A$ is
well-ordered by the usual order on the reals. Assume that we have an
enumeration $q_i$ of the rationals. Let $q_a$ be the first rational in this
enumeration which is greater than $a$ and less than $a'$ (or simply the first
rational in this enumeration which is greater than $a$, if $a$ is the largest
element of $A$). It should be evident for all $a, b \in A$ that
$q_a < q_b \leftrightarrow a < b$. Thus $\{q_a \mid a \in A\}$ is a set of
rationals (thus finite or countable) and the order type of the natural order on
this set is $\alpha$, so $\alpha$ is a finite or countable ordinal.

We conclude that the order types of well-orderings that we can construct 
as suborders of the natural order on the real numbers are exactly the finite 
and countable ordinals. We will see below that there are uncountable ordinals 
(this will be our first evidence that there are infinite sets which are not 
countably infinite). 

We introduce a type raising operation on ordinals analogous to that al- 
ready given for cardinals and also traditionally denoted by T. 

Definition: For any relation $R$, we define $R^\iota$ as
$\{\langle \iota(x), \iota(y)\rangle \mid x\,R\,y\} = \{\langle \{x\}, \{y\}\rangle \mid x\,R\,y\}$.
Notice that $R^\iota$ is one type higher than $R$ and would seem in some
external sense to be isomorphic to $R$. $R^{\iota^n}$ is similarly defined as
$\{\langle \iota^n(x), \iota^n(y)\rangle \mid x\,R\,y\}$.

Definition: For any ordinal $\alpha$, we define $T(\alpha)$ as
$\mathrm{ot}(R^\iota)$ for any $R \in \alpha$ (it is easy to show that the choice
of $R$ does not matter). Of course we can then also define $T^n(\alpha)$ and
$T^{-n}(\alpha)$ in the natural ways.

Induction can actually be carried out along any well-ordering, but it is 
traditional to translate all transfinite inductions into terms of ordinals. A 
general way to do this involves indexing the elements of $\mathrm{fld}(\leq)$ for a
general well-ordering $\leq$ with ordinals:

Definition (ordinal indexing): For any well-ordering $W$, define $W_\alpha$ as
the unique element $x$ of $\mathrm{fld}(W)$ (if there is one) such that
$\mathrm{ot}((\leq)_x) = \alpha$. [Note that if $W$ is a well-ordering of a set
of ordinals this is different from $(W)_\alpha$, the segment restriction of $W$
to elements which are $W$-less than $\alpha$.]

Notice that the type of $\alpha$ is one higher than the type of $W$ and two
higher than the type of $W_\alpha$ (it would be four higher than the type of
$W_\alpha$ if we used the Kuratowski pair).

$W_\alpha$ will be defined for each $\alpha$ iff $\alpha < \mathrm{ot}(W)$.

Discussion of ordinal indexing in the natural order on the ordinals them- 
selves requires the following 

Theorem: $\mathrm{ot}((\leq_\Omega)_\alpha) = T^2(\alpha)$

Proof: This is proved by transfinite induction. Note that what it says is
that the order type of the segment restriction of the natural order on
the ordinals to the ordinals less than $\alpha$ is $T^2(\alpha)$. It is
“obvious” that this order type is actually $\alpha$ itself, but of course the
order type of the segment restriction is two types higher than $\alpha$ itself,
so it is seen to be the corresponding ordinal $T^2(\alpha)$ two types higher.

So $[\leq_\Omega]_\alpha = T^{-2}(\alpha)$ (not $\alpha$ itself).

Note that $[\leq_\Omega]_\alpha$ will be undefined for
$\alpha = \mathrm{ot}(\leq_\Omega) = \Omega$, but
$[\leq_\Omega]_{T^2(\Omega)} = \Omega$. This shows that $T^2(\Omega)$ is not
equal to $\Omega$: in fact $T^2(\Omega) < \Omega$ because $T^2(\Omega)$ is the
order type of a segment restriction of the natural order on the ordinals,
whose order type is $\Omega$.

The result that $T^2(\Omega) < \Omega$ (in which there is of course a kind of
punning reference to the sets of ordinals at different types) shows that there
are in effect more ordinals in higher types. There is no well-ordering in type
$k$ as long as the natural order on the ordinals in type $k + 2$.

Now we prove that there are uncountable ordinals. 
Theorem: There are ordinals which are not finite or countably infinite (in
sufficiently high types), and so there is in particular a first uncountably
infinite ordinal $\omega_1$.

Proof: Consider the restriction of the natural well-ordering on the ordinals
to the finite and countable ordinals. This is a well-ordering, so it has an
order type, which we call $\omega_1$. For each countable ordinal $\alpha$, the
order type of $(\leq_\Omega)_\alpha$ is $T^2(\alpha)$, and of course
$T^2(\alpha) < \omega_1$, because the former is the order type of a segment
restriction of the latter. So it cannot be the case that
$\omega_1 = T^2(\alpha)$ for any countable ordinal $\alpha$ (of type two
lower than that of $\omega_1$). It only remains to show that every countable
ordinal of the same type as $\omega_1$ is of the form $T^2(\beta)$. Suppose that
$\gamma$ is a countable ordinal of the same type as $\omega_1$. $\gamma$ is the
order type of some well-ordering $\leq$ with field the set of natural numbers.
Now consider $\{\langle T^{-2}(m), T^{-2}(n)\rangle \mid m \leq n\}$. We know
that there is a set of natural numbers two types lower than the one that $\leq$
orders, because $\gamma$ is of the same type as ordinals $T^2(\alpha)$ with
$\alpha$ countable. We know that the $T^{-1}$ operation is total on the natural
numbers. It follows that the relation just defined makes sense and is of some
countable order type $\beta$, with $\gamma = T^2(\beta)$, so
$\gamma < \omega_1$. But $\gamma$ is an arbitrary countable ordinal of the
type of $\omega_1$, so $\omega_1$ is uncountably infinite.

Corollary: There are sets which are infinite but not countably infinite. 

Proof: The field of any relation of type $\omega_1$ will serve: the set of finite
and countable ordinals is shown to be uncountably infinite in the argument
above.

Here is another very important result about well-orderings whose proof
is assisted by ordinal indexing.

Theorem: Suppose that $\leq_1 \subseteq \leq_2$ are well-orderings. Then
$\mathrm{ot}(\leq_1) \leq \mathrm{ot}(\leq_2)$.

Proof: We can prove by an easy transfinite induction that $[\leq_2]_\alpha$ is
defined and $[\leq_2]_\alpha \leq_2 [\leq_1]_\alpha$ for each ordinal
$\alpha < \mathrm{ot}(\leq_1)$. The map taking each $[\leq_1]_\alpha$ to
$[\leq_2]_\alpha$ is the desired isomorphism witnessing
$\mathrm{ot}(\leq_1) \leq \mathrm{ot}(\leq_2)$.

Of course, when the author says something is easy, that means he or 
she doesn’t really want to take the trouble to prove it. We now do so. 
We prove by transfinite induction that $[\leq_2]_\alpha$ is defined and
$[\leq_2]_\alpha \leq_2 [\leq_1]_\alpha$ for each ordinal
$\alpha < \mathrm{ot}(\leq_1)$.

Note first that an ordinal $\alpha$ is less than $\mathrm{ot}(\leq_1)$ precisely
if it is the order type of some $(\leq_1)_x$, by the definition of the order on
the ordinals, and this $x$ is $[\leq_1]_\alpha$ by the definition of ordinal
indexing, so certainly $[\leq_1]_\alpha$ is defined for every
$\alpha < \mathrm{ot}(\leq_1)$.

We fix an ordinal $\alpha < \mathrm{ot}(\leq_1)$. We assume that for every
$\beta < \alpha$, $[\leq_2]_\beta$ is defined and
$[\leq_2]_\beta \leq_2 [\leq_1]_\beta$. Our goal is to show that
$[\leq_2]_\alpha$ is defined and $[\leq_2]_\alpha \leq_2 [\leq_1]_\alpha$.

Observe that $[\leq_1]_\alpha$ exists, and for every $\beta < \alpha$,
$[\leq_2]_\beta \leq_2 [\leq_1]_\beta <_2 [\leq_1]_\alpha$.
($[\leq_1]_\beta <_1 [\leq_1]_\alpha \to [\leq_1]_\beta <_2 [\leq_1]_\alpha$
because $\leq_1 \subseteq \leq_2$.) This means that there is at least one
object which is $>_2$ all the $[\leq_2]_\beta$’s for $\beta < \alpha$, so there
must be a $\leq_2$-least such object $x$. We claim that $x = [\leq_2]_\alpha$.
The objects $<_2 x$ are precisely the $[\leq_2]_\beta$’s for $\beta < \alpha$,
so the order types of the initial segments of $(\leq_2)_x$ are precisely the
ordinals less than $\alpha$, so the ordinals less than the order type of
$(\leq_2)_x$ are precisely the ordinals less than $\alpha$, and so its order
type ... is $\alpha$ as desired.

Now we develop a construction analogous to recursive definition of func- 
tions of the natural numbers. Just as transfinite induction is analogous to 
strong induction on the natural numbers, so transfinite recursion is analogous 
to course-of-values recursion on the natural numbers. 

Transfinite Recursion Theorem: We give a nonce definition of $\mathcal{F}$ as the
set of all functions whose domains are segments of the natural order on
the ordinals [or on the ordinals less than a fixed $\gamma$]:

$\mathcal{F} = \{f \mid (\exists \alpha \in \mathrm{Ord}. f : \mathrm{seg}_{\leq_\Omega}(\alpha) \to V)\}$.

Let $G$ be a function from $\mathcal{F}$ to $\iota``V$. Then there is a unique
function $g$ with domain $\mathrm{Ord}$ [or with domain the set of ordinals less
than $\gamma$] with the property that for every ordinal $\alpha$ [or for every
ordinal $\alpha < \gamma$],
$\{g(\alpha)\} = G(g \lceil \{\beta \mid \beta < \alpha\})$.

Proof: We say that a set $I$ is $G$-inductive iff whenever a function
$f \in \mathcal{F}$ with domain $\{\beta \in \mathrm{Ord} \mid \beta < \alpha\}$
is a subset of $I$, $\{\alpha\} \times G(f)$ will be a subset of $I$. Our claim
is that $g$, defined as the intersection of all $G$-inductive sets, is the
desired function.
We first observe that $\mathrm{Ord} \times V$ is $G$-inductive, so every element
of $g$ actually is an ordered pair whose first projection is an ordinal, as we
would expect.

We then prove by transfinite induction on $\alpha$ that
$g_\alpha = g \cap \mathrm{seg}_{\leq_\Omega}(\alpha) \times V$ is a function
with domain $\mathrm{seg}_{\leq_\Omega}(\alpha)$. For $\alpha = 0$ this is
obvious (the empty set is a function with domain the empty set of all ordinals
less than 0). Suppose that $g_\beta$ is a function with domain the set of
ordinals less than $\beta$: our goal is then to show that $g_{\beta+1}$ is a
function with domain the set of ordinals less than $\beta + 1$. We claim that
$X_\beta = g_\beta \cup (\{\beta\} \times G(g_\beta)) \cup (\{\gamma \mid \gamma > \beta\} \times V)$
is $G$-inductive. Suppose that $f$ is a function with domain the set of ordinals
less than $\delta$ and $f$ is a subset of $X_\beta$. If $\delta < \beta$, it
follows that $f$ is a subset of $g_\beta$ and so $\{\delta\} \times G(f)$ is a
subset of $g$ (because $g$ is $G$-inductive) and also a subset of $g_\beta$ and
so of $X_\beta$ because the first projection of its sole element is
$\delta < \beta$. If $\delta = \beta$, then $f = g_\beta$ and
$\{\beta\} \times G(g_\beta)$ is a subset of $X_\beta$ by construction. If
$\delta > \beta$, then $G(f)$ is a subset of $X_\beta$ because the first
projection of its sole element is $\delta > \beta$. From this we can see that
$g_\beta \cup G(g_\beta)$ is precisely $g_{\beta+1}$. $G$-inductiveness of $g$
shows that $g_\beta \cup (\{\beta\} \times G(g_\beta))$ must be included in $g$,
because $g_\beta$ is included in $g$; $G$-inductiveness of $X_\beta$ shows that
$g$, and so $g_{\beta+1}$, does not include any ordered pairs with first
component $\beta + 1$ and second component outside of $G(g_\beta)$. Clearly
$g_{\beta+1}$ is a function, with the same value as $g_\beta$ at each ordinal
$< \beta$ and the sole element of $G(g_\beta)$ as its value at $\beta$, so its
domain is the set of all ordinals less than $\beta + 1$ as desired. Now we
consider the case of a limit ordinal $\lambda$ with the property that $g_\beta$
is a function for each $\beta < \lambda$. In this case $g_\lambda$ is the union
of all the $g_\beta$’s. The only way it could fail to be a function is if some
two $g_\beta$’s had distinct values at some ordinal. But this is impossible: it
is clear from the definition that $g_\beta \subseteq g_{\beta'}$ for
$\beta < \beta'$. It is also obvious that the domain of $g_\lambda$ is the union
of the domains of the $g_\beta$’s, and the union of the segments determined by
the ordinals less than a limit ordinal is the segment determined by that
limit ordinal.

Since $g$ is a relation with domain the set of ordinals and its restriction
to any initial segment of the ordinals is a function, it is a function. We
showed above that the value of $g_{\beta+1}$ ($g$ restricted to the ordinals
less than $\beta + 1$) at $\beta$ is the sole element of $G(g_\beta)$, the value
of $G$ at the restriction of $g$ to the ordinals less than $\beta$, and this is
the recurrence relation we needed to show. Suppose that $g \neq g'$ were two
distinct functions satisfying this recurrence relation. Let $\delta$ be the
smallest ordinal such that $g(\delta) \neq g'(\delta)$. Note that
$\{g(\delta)\} = G(g \lceil \{\gamma \mid \gamma < \delta\}) = G(g' \lceil \{\gamma \mid \gamma < \delta\}) = \{g'(\delta)\}$
by the shared recurrence relation and the fact that $g$ and $g'$ agree at
ordinals less than $\delta$, a contradiction.

We give the qualifications needed for a bounded formulation of recursion 
in brackets in the statement of the theorem: this is the form which would be 
used in untyped set theory but also in many applications in typed set theory. 

We present a variation of the Recursion Theorem: 

Transfinite Recursion Theorem: Suppose we are given a set $a$, a function $f$
and a singleton-valued function $F$ (of appropriate types which can be deduced
from the conclusion): then there is a uniquely determined function
$g : \mathrm{Ord} \to V$ such that $g(0) = a$,
$g(\alpha + 1) = f(g(\alpha))$ for each $\alpha$, and $g(\lambda)$ is the sole
element of $F(\{g(\beta) \mid \beta < \lambda\})$ for each limit ordinal
$\lambda$.

Proof: This is a special case of the theorem above. The function
$G : \mathcal{F} \to \iota``V$ is defined so that $G(\emptyset) = \{a\}$;
$G(k) = \{f(k(\alpha))\}$ if $\alpha$ is the maximum element of the domain of
$k$; $G(k) = F(\{k(\beta) \mid \beta < \lambda\})$ if the limit ordinal
$\lambda$ is the supremum of the domain of $k$. The stated recurrence
relations are then equivalent to
$\{g(\alpha)\} = G(g \lceil \{\beta \mid \beta < \alpha\})$.

The alternative theorem could also be stated in a bounded form. 

We define ordinal iteration in a special case. Suppose $f$ is a function
and $\leq$ is an order on elements of its field understood from context. Define
$f^0(x)$ as $x$, $f^{\alpha+1}(x)$ as $f(f^\alpha(x))$, and $f^\lambda(x)$ as
$\sup\{f^\beta(x) \mid \beta < \lambda\}$. This will uniquely determine a
function by either of the recursion theorems. It would seem most natural to do
this construction when $f$ was an increasing function in $\leq$ with the
property $x \leq f(x)$. A common choice of $\leq$ would be the subset relation.
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The arithmetic operations on the ordinals defined above can also be de- 
fined by transfinite recursion. 

recursive definition of addition: This resembles the iterative definition 
of addition on the natural numbers. 

1. $\alpha + 0 = \alpha$

2. $\alpha + (\beta + 1) = (\alpha + \beta) + 1$

3. $\alpha + \sup(A) = \sup(\{(\alpha + \beta) \mid \beta \in A\})$

recursive definition of multiplication: This resembles the iterative def- 
inition of multiplication on the natural numbers. 

1. $\alpha \cdot 0 = 0$

2. $\alpha \cdot (\beta + 1) = \alpha \cdot \beta + \alpha$

3. $\alpha \cdot \sup(A) = \sup(\{\alpha \cdot \beta \mid \beta \in A\})$

recursive definition of exponentiation: Of course a similar definition of 
exponentiation on natural numbers could be given (and is actually in 
effect included here). There is a set theoretical definition of exponen- 
tiation of ordinals as well, but it is a bit technical. 

1. $\alpha^0 = 1$

2. $\alpha^{\beta+1} = \alpha^\beta \cdot \alpha$

3. $\alpha^{\sup(A)} = \sup(\{\alpha^\beta \mid \beta \in A\})$

All the ordinal arithmetic operations commute with the T operation:

Theorem: For any ordinals $\alpha$ and $\beta$, $T(\alpha + \beta) = T(\alpha) + T(\beta)$; $T(\alpha \cdot \beta) =
T(\alpha) \cdot T(\beta)$; $T(\alpha^\beta) = T(\alpha)^{T(\beta)}$; $T(\alpha) \le T(\beta) \leftrightarrow \alpha \le \beta$; if $T^{-1}(\alpha)$ exists
and $T^{-1}(\beta)$ does not, then $\alpha < \beta$.

We now consider the original application of set theory due to Cantor,
which includes an example of construction of a function by transfinite
recursion. This involves a further discussion of sets of reals.

accumulation point: If X is a set of reals and r is a real number, we 
say that r is an accumulation point of X iff every open interval which 
contains r contains infinitely many points of X. Note that r does not 
have to be an element of X to be an accumulation point of X. 

closed set: A set of reals X is said to be closed iff every accumulation point 
of X is an element of X. 

derived set: For any set X of reals, we define the derived set X' of X as 
the set of accumulation points of X. 

Observations: Obviously $X$ is closed iff $X' \subseteq X$. Whether $X$ is closed or
not, $X'$ is closed: if any interval containing $r$ contains infinitely many
points of $X'$, then it contains at least one element of $X'$ (accumulation
point of $X$) because it contains infinitely many, and so it contains
infinitely many points of $X$, and so $r$ is itself an accumulation point
of $X$ and thus an element of $X'$. This means further that if we iterate
applications of the derived set operator, the first iteration may make
our set larger but all subsequent iterations will fix it or remove elements
from it.

iteration of the derived set construction: This is a definition by
transfinite recursion. Define $\Delta^X_0$ as $X$. Define $\Delta^X_{\beta+1}$ as $(\Delta^X_\beta)'$. At limit
stages, take intersections: define $\Delta^X_\lambda$ as $\bigcap\{\Delta^X_\gamma \mid \gamma < \lambda\}$ for each limit
ordinal $\lambda$.

Theorem: For every countable ordinal $\alpha$, there is a set of reals $A \subseteq (0, 1]$
with the property that $\Delta^A_\alpha = \{1\}$ (and so $\Delta^A_{\alpha+1} = \emptyset$).

Proof: We prove this by transfinite induction on $\alpha$. If $\alpha = 0$, the set $\{1\}$ has
the desired properties. Suppose that we have a set $A \subseteq (0, 1]$ such that
$\Delta^A_\beta = \{1\}$. Let $f$ be the function which sends each natural number $n$ to
the set $A$: $f^* \cup \{1\}$ will have the desired property. This set consists of
infinitely many successively smaller copies of $A$ approaching the limit
point $\{1\}$. Application of the derived set operator $\beta$ times will reduce
each of the infinitely many scale copies of $A$ in $f^* \cup \{1\}$ to a single point.
The next application of the derived set operator will leave just $\{1\}$ (1
is the only accumulation point). So $f^* \cup \{1\}$ is the desired set for which
$\beta + 1$ applications of the derived set operator yields $\{1\}$. Now let $\lambda$ be
a countable limit ordinal. There will be a strictly increasing sequence
$\lambda_i$ of ordinals such that $\lambda$ is the least ordinal greater than all the $\lambda_i$’s
(this is proved above). By inductive hypothesis, we may assume that
for each $i$ we have a set $A_i$ such that $\Delta^{A_i}_{\lambda_i} = \{1\}$. Define $f(i) = A_i$ (you
might note that this actually requires the Axiom of Choice!). Define
$A = f^* \cup \{1\}$. Observe that application of the derived set operator
to $A$ $\lambda_i + 1$ times eliminates the copy of $A_i$, for each $i$. Notice that
application of the derived set operator $\lambda_i$ times always leaves $\{1\}$ in
the set, as the scaled copies of $A_j$ for $j > i$ still have nonempty image,
so clearly 1 will still be an accumulation point. It follows from these
two observations that the intersection of all the sets $\Delta^A_{\lambda_i}$, which will be
$\Delta^A_\lambda$, will contain no element of any of the original scaled copies of the
$A_i$’s but will contain 1: it will be $\{1\}$ as required.

The sets shown to exist by this Theorem are in a sense “discrete” (they 
cannot be dense in any interval, or no iteration of the derived set operation 
could eliminate them), but have progressively more complex limit structure 
calibrated by the countable ordinal $\alpha$. The applications of these concepts
by Cantor to problems in the convergence of trigonometric series are the
original motivation (or one of the original motivations) for the development
of transfinite ordinals and of set theory.

3.14.1 Exercises


1. Prove that for any ordinals $\alpha$, $\beta$, $\gamma$, if $\alpha + \beta = \alpha + \gamma$ then $\beta = \gamma$.

You can probably prove this by transfinite induction, using the recursive
definitions, but it can be proved using the set theoretic definition
and structural properties of ordinals as well.

Give a counterexample to “if $\beta + \alpha = \gamma + \alpha$ then $\beta = \gamma$”.

2. In type theory, prove that for all ordinals $\alpha$ and $\beta$, if $\alpha + 1 = \beta + 1$
then $\alpha = \beta$. This is best proved by considering actual well-orderings
and isomorphisms between them (not by transfinite induction).

3. Prove by transfinite induction: Every infinite ordinal can be expressed
in the form $\lambda + n$, where $\lambda$ is a limit ordinal and $n$ is a finite ordinal,
and moreover it can be expressed in this form in only one way (for this
last part you might want to use the result of the previous problem).

3.15 Lateral Functions and T operations; Type-Free
Isomorphism Classes

We have observed that cardinals $\kappa$ and $T^n(\kappa)$, though of different types, are
in some sense the same cardinal, and similarly that ordinals $\alpha$ and $T^n(\alpha)$,
though of different types, are in some sense the same order type.

We have $T^n(|A|) = |B|$ iff $|\iota^n“A| = |B|$, that is iff there is a bijection
$f : \iota^n“A \to B$. The bijection $f$ witnesses the fact that $A$ and $B$ are “the
same size”, by exploiting the fact that $A$ and $\iota^n“A$ are externally “the same
size”.

We introduce the following definitions. 

Definition (lateral relations): If $R \subseteq \iota^n“A \times B$, we define $x\,R_{\mathbf{n}}\,y$ as
holding iff $\iota^n(x)\,R\,y$. Similarly, if $S \subseteq A \times \iota^n“B$, we define $x\,S_{\mathbf{-n}}\,y$ as holding
iff $x\,S\,\iota^n(y)$.

Definition (description of lateral relations): We define $A \times_{\mathbf{n}} B$ as
$\iota^n“A \times B$ and $A \times_{\mathbf{-n}} B$ as $A \times \iota^n“B$.

Definition (lateral functions): If $f : \iota^n“A \to B$, we define $f_{\mathbf{n}}(a) =
f(\iota^n(a))$ for each $a \in A$. Similarly, if $g : A \to \iota^n“B$, we define
$g_{\mathbf{-n}}(a) = \iota^{-n}(g(a))$.

Definition (description of lateral functions): $f_{\mathbf{n}} : A \to B$ is defined as
$f : \iota^n“A \to B$; $f_{\mathbf{-n}} : A \to B$ is defined as $f : A \to \iota^n“B$.

Note that in none of these notations is a boldface subscript actually part 
of the name of a function or relation: the boldface subscripts are always 
indications of the role the function or relation is playing in the expression. 

This definition allows us to code relations and functions with domains
and ranges of different types. Note that this definition allows us to say
that $T^n(|A|) = |B|$ iff there actually is a (lateral) bijection from $A$ to $B$!
The definition also allows us to assert that well-orderings of types $\alpha$ and
$T^n(\alpha)$ actually are “isomorphic” in the sense that there is a lateral function
satisfying the formal conditions to be an isomorphism between them.

We present the Transfinite Recursion Theorem in a slightly different format:

Transfinite Recursion Theorem: We give a nonce definition of $\mathcal{F}$ as the
set of all functions whose domains are segments of the natural order on
the ordinals [or on the ordinals less than a fixed $\gamma$]. Let $G_{\mathbf{-1}} : \mathcal{F} \to V$.
Then there is a unique function $g$ with domain Ord [or with domain
the set of ordinals less than $\gamma$] with the property that for every ordinal
$\alpha$ [or for every ordinal $\alpha < \gamma$], $g(\alpha) = G_{\mathbf{-1}}(g \lceil \mathrm{seg}(\alpha))$.

We give a general “comprehension” theorem for functions and relations 
with a type differential. 

Theorem: If $\phi[x^n, y^{n+k}]$ is a formula, there is a set relation $R$ such that
$x\,R_{\mathbf{k}}\,y \leftrightarrow \phi[x, y]$ (where types revert to being implicit in the second
formula).

If $\phi[x^{n+k}, y^n]$ is a formula, there is a set relation $R$ such that $x\,R_{\mathbf{-k}}\,y \leftrightarrow
\phi[x, y]$ (where types revert to being implicit in the second formula).

If $(\forall x^n \in A.(\exists! y^{n+k}.\phi[x^n, y^{n+k}]))$, then there is a function $f_{\mathbf{k}} : A \to V$
such that for any $x \in A$, $y = f_{\mathbf{k}}(x) \leftrightarrow \phi[x, y]$.

If $(\forall x^{n+k} \in A.(\exists! y^n.\phi[x^{n+k}, y^n]))$, then there is a function $f_{\mathbf{-k}} : A \to V$
such that for any $x \in A$, $y = f_{\mathbf{-k}}(x) \leftrightarrow \phi[x, y]$.

Corollary: If $A^n$ and $B^{n+k}$ are sets and there is a formula $\phi[a, b]$ such that
$(\forall a \in A.(\exists! b \in B.\phi[a, b])) \wedge (\forall b \in B.(\exists! a \in A.\phi[a, b]))$, then $T^k(|A|) =
|B|$. If $\le_1^n$ and $\le_2^{n+k}$ are well-orderings, and there is a formula $\phi$ such
that $(\forall xy.x \le_1 y \leftrightarrow (\exists zw.\phi[x, z] \wedge \phi[y, w] \wedge z \le_2 w)) \wedge (\forall zw.z \le_2 w \leftrightarrow
(\exists xy.\phi[z, x] \wedge \phi[w, y] \wedge x \le_1 y))$, then $T^k(\mathrm{ot}(\le_1)) = \mathrm{ot}(\le_2)$.

All parts of this theorem are proved by direct application of the Axiom of
Comprehension. The Corollary expresses the idea that any external bijection
or isomorphism we can describe using a formula is actually codable by a set
and so witnesses appropriate cardinal or ordinal equivalences.

We note that T operations can be defined for general isomorphism classes. 

Definition: For any relation $R$, the isomorphism class $[R]_{\sim} = \{S \mid R \sim S\}$.

We define $T([R]_{\sim}) = [R^{\iota}]_{\sim}$, where $R^{\iota} = \{(\{x\}, \{y\}) \mid x\,R\,y\}$, as already
defined. Note that this is more general than but essentially the same
as the T operation on ordinals.

Now we pursue an extension of the Reasonable Convention proposed
above for natural numbers. We recall that the T operation on cardinals 
witnesses an exact correspondence between the natural numbers at different 
types. This allows us, if we wish, to introduce natural number variables 
which can be used in a type-free manner: such a variable can be shifted into 
the type appropriate for any context by appropriate applications of the T 
operation or its inverse. All statements purely in the language of the natural 
numbers are invariant under uniform application of the T operation, as we 
have seen. Each occurrence of a natural number variable translates into an 
occurrence of a general variable of an appropriate type restricted to the set 
of natural numbers at the appropriate type. 

This idea can be extended to cardinals and ordinals (and to isomorphism 
classes in general), but a further refinement is needed. The difficulty is 
that the ordinals in one type are mapped injectively into but not onto the 
ordinals in the next type, as we have just seen. We will see below that the 
same is true of the cardinals. The natural number variables introduced in 
the previous paragraph are translated as general variables restricted to the 
set of all natural numbers (which is in effect the same set at each type); this 
cannot work for the ordinals (or the cardinals): each ordinal bound variable 
must be restricted to the ordinals in a specific type (which is equivalent to 
restriction to an initial segment of “all the ordinals” determined by the first 
ordinal not in that particular type (the first ordinal of the next higher type 
which is not an image under T)). We can thus use type-free ordinal variables
as long as we require that any such variable be restricted to a proper initial 
segment of the ordinals (the type of the bound will determine the highest 
type in which we can be working), and we can treat cardinals similarly. 
There is no way to express a general assertion about all ordinals at whatever 
type in type theory. Just as in natural number arithmetic, all statements 
about properties, relations, and operations natural to cardinals and ordinals 
are invariant under uniform application of the T operation: this enables the 
proposed identifications of cardinals and ordinals at diverse types to cohere. 

This convention would allow the elimination in practice of the inconve- 
nient reduplication of cardinals, ordinals, and similar constructions at each 
type. We do not use it as yet, but it is important to us to note that it is 
possible to use this convention.

3.16 Other Forms of the Axiom of Choice

The Axiom of Choice is equivalent to some other interesting propositions (in
fact, there are whole books of them but we will only discuss a few).

The Well-Ordering Theorem: Every set is the field of a well-ordering. 
(Equivalently, V is the field of a well-ordering.) 

Observation: It is obvious that the well-ordering theorem implies the Ax- 
iom of Choice: the choice set of a partition can be taken to be the set of 
minimal elements in the elements of the partition under a well-ordering 
of the union of the partition. The interesting part of the result is the 
converse: the Axiom of Choice is enough to prove the Well-Ordering 
Theorem. 

Definition: A chain in a partial order $\le$ is a subset $C$ of $\mathrm{fld}(\le)$ such that
$\le \cap\, C^2$, the restriction of $\le$ to $C$, is a linear order (i.e., any two elements
of $C$ are comparable in the order).

Definition: A collection of sets is said to be nested iff it is a chain in the
inclusion order: $A$ is a nested collection of sets iff $(\forall x \in A.(\forall y \in A.x \subseteq
y \vee y \subseteq x))$.

Lemma: The union of a nested collection of chains in a partial order $\le$ is a
chain in $\le$.

Zorn’s Lemma: A partial order with nonempty domain in which every 
chain has an upper bound has a maximal element. 

Observation: Let $\mathcal{A}$ be the set of all well-orderings of subsets of a set $A$.
We define $U \le V$ as holding for $U, V \in \mathcal{A}$ iff either $U = V$ or $U$ is a
segment restriction of $V$. A chain in this well-ordering is a collection $C$
of well-orderings of $A$ which agree with one another in a strong sense
and whose union will also be a well-ordering of a subset of $A$ and so an
upper bound of the chain $C$ (details of this bit are left as an exercise).
So Zorn’s Lemma would allow us to conclude that there was a maximal
partial well-ordering of $A$ under the segment restriction relation, which
clearly must be a well-ordering of all of $A$ (any element not in the field
of the maximal well-order could be adjoined as a new largest element
of a larger well-ordering for a contradiction).

Since Zorn implies Well-Ordering and Well-Ordering implies Choice, it
only remains to show that Choice implies Zorn to prove that all three
are equivalent (in the presence of the rest of our axioms).

Proof of Zorn’s Lemma: Let $\le$ be a partial order in which every chain
has an upper bound.

Let $\mathcal{C}$ be the set of all chains in $\le$. Note that for any chain $C$ if there
is an upper bound of $C$ which belongs to $C$ there is exactly one such
upper bound. If in addition all upper bounds of $C$ belong to $C$ then
this uniquely determined upper bound is maximal in $\le$. For each chain
$C$ in $\le$, define $B_C$ as the set of all upper bounds for $C$ which are not
in $C$, if there are any, and otherwise as the singleton of the unique
upper bound of $C$ which is an element of $C$. All of these sets will be
nonempty if $\le$ has no maximal element. The set $\{\{C\} \times \iota“B_C \mid C \in \mathcal{C}\}$
is a partition, and so has a choice set. Notice that the choice set is a
function $F$ which sends each $C \in \mathcal{C}$ to the singleton set of an upper
bound of $C$, which will belong to $C$ only if all upper bounds of $C$ belong
to $C$ (in which case the upper bound is maximal).

For each chain $C$, denote the linear order $\le \cap\, C^2$ by $\le_C$. We call a
chain $C$ a special chain iff $\le_C$ is a well-ordering and for each $x \in C$ we
have $\{x\} = F(\mathrm{fld}((\le_C)_x))$.

We can prove by transfinite induction that $\le_C$ is precisely determined
by its order type (for any special chains $C$ and $D$, if $\le_C$ is isomorphic
to $\le_D$ then $\le_C = \le_D$). Suppose otherwise: then there is a least ordinal
to which distinct $\le_C$ and $\le_D$ belong. There must be a $\le_C$-first element
$x$ which differs from the corresponding $\le_D$ element $y$. But this implies
that $(\le_C)_x = (\le_D)_y$ whence $\{x\} = F((\le_C)_x) = F((\le_D)_y) = \{y\}$.

This implies further that for any two distinct special chains, one is a
segment restriction of the other. This further implies that the union
of all special chains is a linear order and in fact a special chain; call it
$E$. Now $E \cup F(\le_E)$ is a special chain as well, which cannot properly
extend $E$, so $F(\le_E) \subseteq E$, so the sole element of $F(E)$ is a maximal
element with respect to $\le$.

Alternative Proof of Zorn’s Lemma: Let $\le$ be a nonempty partial order
in which any chain has an upper bound. Let $\mathcal{C}$ be the set of all
chains in $\le$.

For each chain $C$ in $\le$ and $x \in \mathrm{fld}(\le)$, we say that $x$ is an appropriate
upper bound of $C$ if $x$ is an upper bound of $C$ and $x \notin C$ or if $x \in C$
and all upper bounds of $C$ are elements of $C$. Notice that if there is
an upper bound of $C$ belonging to $C$ there is only one, and also notice
that if the unique upper bound of $C$ belonging to $C$ is the only upper
bound of $C$ then it is maximal in $\le$, because anything strictly greater
than the unique upper bound of $C$ in $C$ would be an upper bound of
$C$ not in $C$.

For each chain $C$ in $\le$, we define $X_C$ as the set of all ordered pairs
$(C, \{x\})$ such that $x$ is an appropriate upper bound of $C$. Notice that if
$C \neq C'$ then $X_C$ and $X_{C'}$ are disjoint (because elements of the two sets
are ordered pairs with distinct first projections). Thus $\{X_C \mid C \in \mathcal{C}\}$
is a partition, and has a choice set $F$. Notice that $F$ is a function,
$F : \mathcal{C} \to \iota“\mathrm{fld}(\le)$, and $F(C)$ for every $C$ is the singleton $\{x\}$ of an
appropriate upper bound $x$ of $C$.

Define a function $G$ by transfinite recursion: $G(\alpha)$ is defined as the
sole element of $F(\mathrm{rng}(G \lceil \{\beta \mid \beta < \alpha\}))$ if $\mathrm{rng}(G \lceil \{\beta \mid \beta < \alpha\})$ is
a chain in $\le$ and as 0 otherwise. Transfinite induction shows that
$\mathrm{rng}(G \lceil \{\beta \mid \beta < \alpha\})$ is a chain in $\le$ for any ordinal $\alpha$ (for successor $\alpha$,
because $C \cup F(C)$ is always a chain in $\le$ if $C$ is a chain in $\le$, and for
limit $\alpha$ because a union of nested chains in $\le$ is a chain in $\le$). Note
that $G(\alpha)$ will not be one of the $G(\beta)$’s for $\beta < \alpha$ unless it is maximal
for $\le$, so $G$ is injective if $\le$ has no maximal element. The range of $G$
is a subset of the field of $\le$ with a unique well-ordering under which $G$
is an increasing function. The order type of this well-ordering will be
the order type $\Omega$ of the ordinals iff $G$ is injective. If $G$ is not injective,
it is constant past a certain point and so the order type of this
well-ordering will be that of an initial segment of the ordinals, so strictly
less than $\Omega$. Now we employ a trick: consider instead of $\le$ the order
type of double singletons induced by $\le$. The well-ordering of the
range of the function $G$ associated with $\le^{\iota^2}$ will have some order type
$T^2(\alpha) < \Omega$ (because it is a well-ordering of a set of double singletons)
and so cannot be injective, and so $\le^{\iota^2}$ has a maximal element, from
which it follows that $\le$ itself has a maximal element. The point of the
trick is that the original working type we started with might not have
had enough ordinals for the construction of $G$ to exhaust the field of
$\le$.

Throughout this discussion we could have used the lateral function
notation introduced in the previous subsection: $F_{\mathbf{-1}}(C)$ is an upper
bound for $C$ for each chain $C$.

NOTE: include examples of use of Zorn’s Lemma in other parts of math- 
ematics. 

The Axiom of Choice directly enables us to make choices from pairwise 
disjoint collections of sets. But in fact we can use the Axiom to show that 
we can make choices from any collection of nonempty sets. 

Definition: Let $A$ be a collection of nonempty sets. A function $c$ with
domain $A$ is called a choice function for $A$ iff $c : A \to 1$ ($c(a)$ is a one
element set for each $a \in A$) and $c(a) \subseteq a$ for each $a \in A$. The sole
element of $c(a)$ is the item selected from A by the choice function.

It is equivalent to say (using the notation for lateral functions) that a
choice function for $A$ is a function $c_{\mathbf{-1}} : A \to V$ such that $c_{\mathbf{-1}}(a) \in a$
for each $a \in A$.

Theorem: Each collection of nonempty sets $A$ has a choice function.

Proof: The collection $\{\{a\} \times \iota“a \mid a \in A\}$ is a partition and so has a choice
set $c$. This choice set is the desired choice function.

We define a logical device which will prove useful later. 

Hilbert symbol: Let $H$ be a fixed function $V \to 1$ such that $H \lceil (\mathcal{P}(V) -
\{\emptyset\})$ is a choice function. We do not care which one. Define $(\epsilon x.\phi)$ as
the sole element of $H(\{x \mid \phi\})$ for each formula $\phi$.

Theorem: For any formula $\phi$, $(\exists x.\phi) \leftrightarrow \phi[(\epsilon x.\phi)/x]$. Since $(\forall x.\phi) \leftrightarrow
\neg(\exists x.\neg\phi)$, this means that both quantifiers could be defined in terms
of the Hilbert symbol.

Proof: This is obvious.

Note that a systematic use of the Hilbert symbol would imply a choice of
an $H$ in each relevant type.

3.16.1 Exercises

1. Prove that the union of a nested set of chains in a partial order $\le$ is
a chain. A chain is a set $C$ such that for any $x, y \in C$ we have either
$x \le y$ or $y \le x$; a nested collection of sets is a set $A$ of sets which is a
chain in the subset relation (for any $x, y \in A$, either $x \subseteq y$ or $y \subseteq x$).

2. Prove that the union of a countably infinite collection of countably
infinite sets is countably infinite. Notice that you already know that
$\mathbb{N} \times \mathbb{N}$ is a countable set.

We give the result in more detail: suppose that $F$ is a function with
domain $\mathbb{N}$ and the property that each $F(n)$ is a countably infinite set.
Show that $\bigcup\{F(n) \mid n \in \mathbb{N}\}$ is countable (that is, show that it is the
range of a bijection with domain the set of natural numbers).

Hint: be very careful. It is fairly easy to see why this is true if you
understand why $\mathbb{N} \times \mathbb{N}$ is a countable set, but there is an application
of the Axiom of Choice involved which you need to notice; in type
theory or set theory without choice there may be countable collections
of countable sets which have uncountable unions!

3. Use Zorn’s Lemma to prove that every infinite set is the union of a
pairwise disjoint collection of countably infinite sets.

Then prove that if $B$ is a collection of countably infinite sets, $|\bigcup B| =
|\bigcup B| + |\bigcup B|$. (This exploits the fact that $|\mathbb{N}| = |\mathbb{N}| + |\mathbb{N}|$; it also
requires the Axiom of Choice).

Notice that this is another proof that $\kappa + \kappa = \kappa$ for any infinite cardinal
$\kappa$.





3.17 Transfinite Arithmetic of Order, Addition, and 
Multiplication 

We define the order relation on cardinals in a natural way. 

order on cardinals: $|A| \le |B|$ iff there is an injection from $A$ to $B$.

Implicit in our notation is the claim that $\le$ is a partial order. The relation
is obviously reflexive and transitive: that it is antisymmetric is a famous
theorem.

Cantor-Schröder-Bernstein Theorem: If $|A| \le |B|$ and $|B| \le |A|$ then
$|A| = |B|$.

Before proving this theorem we give an example to illustrate why it is not
obvious. Consider the sets $[0, 1] = \{x \in \mathbb{R} \mid 0 \le x \le 1\}$ and $\mathcal{P}(\mathbb{N})$, the set of
all sets of natural numbers.

An injection $f$ from $[0, 1]$ into $\mathcal{P}(\mathbb{N})$ is defined by $f(r) = \{k \in \mathbb{N} \mid \frac{1}{2^{k+1}}$ is a
term in the unique nonterminating binary expansion of $r\}$ while an injection
$g$ from $\mathcal{P}(\mathbb{N})$ into $[0, 1]$ is given by $g(A) = \sum_{k \in A} \frac{1}{10^{k+1}}$. So it is easy to see that
each set embeds injectively in the other, but it is not at all easy to see how
to construct a bijection which takes one set exactly onto the other.

We now give the slightly delayed 

Proof of the Cantor-Schröder-Bernstein Theorem: Assume that there
is an injection $f : A \to B$ and an injection $g : B \to A$: our goal is to
show that there is a bijection $h$ from $A$ to $B$. $B$ is the same size as
$g“B \subseteq A$, so if we can show $A \sim g“B$ we are done. The map $f|g$ sends
all of $A$ into $g“B$; we develop a trick to send it exactly onto $g“B$. Let
$C$ be the intersection of all sets which contain $A - g“B$ and are closed
under $f|g$. Let $h_0$ be the map which sends all elements of $C$ to their
images under $f|g$ and fixes all elements of $A - C$. This is a bijection
from $A$ to $g“B$, so $h_0|g^{-1}$ is a bijection from $A$ to $B$.
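
The construction in this proof carried out on a constructed instance, as an added Python example that is not part of the original notes: A and B are both the natural numbers, with the assumed injections f(n) = 2n and g(n) = 3n. All function names are assumptions; membership in C is decided by walking backwards along f|g, which works here because each backward step shrinks a positive number.

```python
# Constructed instance (an assumption, not from the notes): A = B = N.

def f(a):
    """Injection from A to B."""
    return 2 * a


def g(b):
    """Injection from B to A."""
    return 3 * b


def f_inverse(b):
    """The a with f(a) = b, or None when b is not in the range of f."""
    return b // 2 if b % 2 == 0 else None


def g_inverse(a):
    """The b with g(b) = a, or None when a lies in A - g"B."""
    return a // 3 if a % 3 == 0 else None


def in_C(a):
    """Decide whether a belongs to C, the least set containing A - g"B
    and closed under f|g (apply f, then g).

    Since f|g is injective, a has at most one predecessor under it, so we
    follow the unique backward chain.  Reaching A - g"B means a is in C;
    getting stuck inside g"B or running into a cycle (as at 0) means it
    is not.
    """
    seen = set()
    while a not in seen:
        seen.add(a)
        b = g_inverse(a)
        if b is None:
            return True      # a is in A - g"B, the seed of C
        a = f_inverse(b)
        if a is None:
            return False     # in g"B, but not an image under f|g
    return False             # backward chain cycles and never leaves g"B


def h0(a):
    """The map h_0 of the proof: f|g on C, the identity on A - C."""
    return g(f(a)) if in_C(a) else a


def h(a):
    """h_0 followed by the inverse of g: the bijection from A to B."""
    return f(a) if in_C(a) else g_inverse(a)


def preimage(b):
    """The unique a with h(a) = b, found as in the proof that h_0 is onto g"B."""
    a = g(b)
    return a if not in_C(a) else f_inverse(b)


if __name__ == "__main__":
    for a in range(13):
        print(a, "in C" if in_C(a) else "not in C", "h0 =", h0(a), "h =", h(a))
```

Every element outside C already lies in g"B, which is why `g_inverse` never returns `None` in the second branch of `h`.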

Note that this proof does not use the Axiom of Choice. Beyond this point
we will use the Axiom of Choice freely, and some of the results we state are
not necessarily true in type theory or set theory without Choice.

Theorem: The natural order on cardinals is a linear order.

Proof: Let $A$ and $B$ be sets: we want to show $|A| \le |B|$ or $|B| \le |A|$. This
is easy using the Well-Ordering Theorem: we choose well-orderings $\le_A$
and $\le_B$ of $A$ and $B$ respectively. If the well-orderings are isomorphic,
the isomorphism between them witnesses $|A| = |B|$ (and so $|A| \le |B|$).
Otherwise, one of $\le_A$ and $\le_B$ is isomorphic to a segment restriction of
the other, and the isomorphism is the required injection from one of
the sets into the other.

Theorem: The natural order on cardinals is a well-ordering. 

Proof: Let $C$ be a set of cardinals. Our aim is to show that $C$ has a smallest
element in the natural order. Let $\le$ be a well-ordering of a set at least
as large as any of the elements of the union of $C$ (the universe of the
appropriate type will work). Consider the set of all well-orderings of
elements of the union of $C$ (note that the union of $C$ is the set of all
sets which have cardinalities in the set $C$). Every well-ordering in this
set will either be similar to $\le$ or similar to some segment restriction of
$\le$. If all are similar to $\le$, then all elements of $C$ are the same and it
has a smallest element. Otherwise consider the set of all $x$ such that
$\le_x$ is isomorphic to some well-ordering of some element of the union of
$C$: there must be a $\le$-smallest element of this set, which corresponds
to the smallest element of $C$ in the natural order.

Theorem: There is a surjection from $A$ onto $B$ iff $|B| \le |A|$ (and $B$ is
nonempty if $A$ is).

Proof: If there is an injection $f$ from $B$ to $A$, then we can define a surjection
from $A$ to $B$ as follows: choose $b \in B$; map each element of $A$ to $f^{-1}(a)$
if this exists and to $b$ otherwise. This will be a surjection. If $B$ is empty
we cannot choose $b$, but in this case $A$ is empty and there is obviously
a surjection.

If there is a surjection $f$ from $A$ onto $B$, there is a partition of $A$
consisting of all the sets $f^{-1}“\{b\}$ for $b \in B$. Let $C$ be a choice set for this
partition. Map each element $b$ of $B$ to the unique element of $C \subseteq A$
which is sent to $b$ by $f$. This map is obviously an injection.

Definition: In type theory or set theory without Choice, we define

$|A| \le^* |B|$

as holding iff there is a surjection from $B$ onto $A$. In the light of
the previous Theorem, there is no need for this notation if we assume
Choice.

Theorem: For all cardinals $\kappa$ and $\lambda$, $\kappa \le \lambda \leftrightarrow T(\kappa) \le T(\lambda)$. If $T^{-1}(\kappa)$
exists and $T^{-1}(\lambda)$ does not exist then $\kappa < \lambda$.

Definition (repeated from above): We define $\aleph_0$ as $|\mathbb{N}|$. Elements of $\aleph_0$
are called countably infinite sets, or simply countable sets.

Theorem: $\aleph_0 + 1 = \aleph_0 + \aleph_0 = \aleph_0 \cdot \aleph_0 = \aleph_0$. It is straightforward to define
a bijection between $\mathbb{N}$ and $\mathbb{N} \times \mathbb{N}$. The bijections between the naturals
and the even and odd numbers witness the second statement. The
successor map witnesses the first statement.

Theorem: $\aleph_0 = T(\aleph_0)$.

Proof: This follows from the fact that natural numbers are sent to natural 
numbers by the T operation. 

Theorem: Every infinite set has a countable subset. 

Proof: Let A be an infinite set. The inclusion order on the collection of 
all bijections from initial segments of N to A satisfies the conditions of 
Zorn’s Lemma and so has a maximal element. If the maximal element 
had domain a proper initial segment of N, then the set would be finite. 
So the maximal element is a bijection from N to a subset of A. 

Theorem: For every infinite cardinal $\kappa$, $\kappa + 1 = \kappa$.

Proof: Let $A$ be an infinite set. The inclusion order on the set of all
bijections from $B$ to $B \cup \{x\}$, where $B \cup \{x\} \subseteq A$ and $x \notin B$, satisfies
the conditions of Zorn’s Lemma and so has a maximal element. It is
nonempty because $A$ has a countable subset. If the maximal element is
a map from $B$ to $B \cup \{x\}$ and there is $y \in A - (B \cup \{x\})$, then affixing
$(y, y)$ to the map shows that the supposed maximal element was not
maximal.

Corollary: If $n$ is finite and $\kappa$ is an infinite cardinal then $\kappa + n = \kappa$.

Theorem: For every infinite cardinal $\kappa$, $\kappa + \kappa = \kappa$.

Proof: Let $A$ be an infinite set. The inclusion order on pairs of bijections
$f$ and $g$ with domain $B \subseteq A$ and disjoint ranges whose union is $B$,
ordered by componentwise inclusion, satisfies the conclusion of Zorn’s
Lemma. It is nonempty because $A$ has a countable subset. Suppose
that a maximal such pair of bijections has been constructed. If there
is no countably infinite subset in $A - B$, then $A - B$ is finite and
$|B| = |A|$ by the previous result (iterated) and the result is proved:
otherwise take a countable subset of $A - B$ and extend the supposedly
maximal map to a larger one.

Corollary: If $\lambda \le \kappa$ and $\kappa$ is an infinite cardinal then $\kappa + \lambda = \kappa$.

Theorem: For every infinite cardinal $\kappa$, $\kappa \cdot \kappa = \kappa$.

Proof: Let $A$ be an infinite set. The inclusion order on bijections from $B \times B$
to $B$, where $B \subseteq A$, satisfies the conditions of Zorn’s Lemma. It is
nonempty because $A$ has a countable subset. Now consider a maximal
function in this order, mapping $B \times B$ to $B$. If $A - B$ contains no subset
as large as $B$, then $|B| = |A|$ by the previous result and the result is
proved. Otherwise, choose $B' \subseteq A - B$ with $|B'| = |B|$. It is then
easy to see from assumptions about $B$ and $B'$ and the previous result
that the map from $B \times B$ to $B$ can be extended to a bijection from
$(B \cup B') \times (B \cup B')$ to $B \cup B'$, contradicting the supposed maximality
of the bijection.

Corollary: If $\lambda \le \kappa$ and $\kappa$ is an infinite cardinal then $\kappa \cdot \lambda = \kappa$.

The arithmetic of addition and multiplication of infinite cardinals is
remarkably simple. This simplicity depends strongly on the presence of Choice.

3.17.1 Exercises

1. A classical argument that $|\mathbb{R}^2| = |\mathbb{R}|$ goes as follows. Suppose that it
is granted that $|[0, 1]| = |\mathbb{R}|$ (this takes a wee bit of work, too, but not
too much). So it suffices to prove that $|[0, 1]|^2 = |[0, 1]|$. Map the pair
of numbers with decimal expansions $0.a_1a_2a_3\ldots$ and $0.b_1b_2b_3\ldots$ to the
number with expansion $0.a_1b_1a_2b_2a_3b_3\ldots$. Unfortunately, this doesn’t
quite give us the bijection we want due to problems with decimal
expansions (explain). Give a corrected description of this map, taking
into account bad features of decimal expansions, and explain why it is
not a bijection from $[0, 1]^2$ to $[0, 1]$. Is it an injection? A surjection?
Then use a theorem from the notes (giving all details of its application
to this situation) to conclude that there is a bijection from $[0, 1]^2$ to
$[0, 1]$.

3.18 Cantor’s Theorem

3.18.1 Cardinal Exponentiation and the Theorem 

In this section, we start by defining another arithmetic operation. We have 
delayed this because its properties in the transfinite context are more vexed. 

Definition (function space): The set of all functions from $A$ to $B$ is called
$B^A$. Note that $B^A$ is one type higher than $A$ or $B$ (it would be three
types higher if we were using the Kuratowski pair).

Definition (cardinal exponentiation): We define $|A|^{|B|}$ as $T^{-1}(|A^B|)$.

The appearance of $T^{-1}$ is required to get a type-level operation (it would
be $T^{-3}$ if we used the Kuratowski pair). It makes it formally possible that
this operation is partial - and indeed it turns out that this operation is
partial.

Definition: For each subset $B$ of $A$ define $\chi_B$ as the function from $A$ to
$\{0, 1\}$ which sends each element of $B$ to 1 and each element of $A - B$
to 0. We call this the characteristic function of $B$ (relative to $A$).

Observation: The function sending each $B \subseteq A$ to $\chi_B$ is a bijection.

Theorem: $|\mathcal{P}(A)| = |\{0, 1\}^A|$, so $2^{|A|} = T^{-1}(|\mathcal{P}(A)|)$.

Now comes the exciting part. 

Cantor’s Theorem: For any set $A$, there is no function $f$ from $\iota“A$
onto $\mathcal{P}(A)$.

Proof: Suppose otherwise, that is, that there is a function $f$ from
$\iota“A$ onto $\mathcal{P}(A)$. Consider the set

$$R = \{a \in A \mid a \notin f(\{a\})\}.$$

Since $f$ is onto, $R = f(\{r\})$ for some $r \in A$. Now

$$r \in R \leftrightarrow r \notin f(\{r\}) = R$$

is a contradiction.

This tells us that a set $A$ cannot be the same size as its power set. The
fact that $A$ and $\mathcal{P}(A)$ are of different types necessitates the
exact form of the theorem. This implies that if $2^{|A|}$ exists, that

$$T(|A|) = |\iota“A| \neq |\mathcal{P}(A)| = T(2^{|A|})$$

so $|A| \neq 2^{|A|}$. There are at least two distinct infinite cardinals,
$|\mathbb{N}|$ and $2^{|\mathbb{N}|}$ (in high enough types for both to be
present).

Since certainly $|\iota“A| \le |\mathcal{P}(A)|$ (singletons of elements of
$A$ are subsets of $A$), it follows by Cantor-Schroder-Bernstein that
$|\mathcal{P}(A)| \not\le |\iota“A|$, as otherwise these two cardinals would
be equal, so we can write $|\iota“A| < |\mathcal{P}(A)|$ and
$\kappa < 2^{\kappa}$.

Further we have the curious result that $|\iota“V| < |\mathcal{P}(V)|$ must
be distinct: there are more sets in any given type than singletons of sets
(of the next lower type). This implies that $V$ in any given type is
strictly larger than any set of lower type (in the sense that the
elementwise image under an appropriate $\iota^n$ of the lower type set at
the same type as $V$ will have smaller cardinality than $V$):
$T^{-1}(|V|)$ is undefined and so is $2^{|V|}$, which would be
$T^{-1}(|\mathcal{P}(V)|)$.

3.18.2 Applications to the Number Systems 

We give some set theoretical facts about familiar number systems. 

Theorem: $\mathbb{Z} \sim \mathbb{N}$

Proof: Consider the map which sends 0 to 0, $2n - 1$ to $n$ for each natural
number $n > 0$ and $2n$ to $-n$ for each $n > 0$. This is a bijection.

Theorem: $\mathbb{Q} \sim \mathbb{N}$.

Proof: There is an obvious injection from $\mathbb{Q}$ into
$\mathbb{Z} \times \mathbb{N}^+$ determined by simplest forms of fractions.
$\mathbb{Z} \times \mathbb{N}^+ \sim \mathbb{N} \times \mathbb{N}$ is
obvious. $\mathbb{N} \times \mathbb{N}$ is injected into $\mathbb{N}$ by the
map $f(m,n) = 2^m 3^n$, and of course $\mathbb{N}$ injects into
$\mathbb{Q}$. The result follows by the Cantor-Schroder-Bernstein theorem.

Theorem: $\mathbb{R} \sim \mathcal{P}(\mathbb{N})$, so
$|\mathbb{R}| > |\mathbb{N}|$.

Proof: An injection from the interval $[0,1)$ in the reals into
$\mathcal{P}(\mathbb{N})$ is defined by sending each real $r$ in that
interval to the set of all natural numbers $i$ such that there is a 1 in the
$\frac{1}{2^i}$’s place in the binary expansion of $r$ which contains only
finitely many 1’s. An injection from $\mathcal{P}(\mathbb{N})$ to the
interval $[0,1)$ sends each set $A$ of natural numbers to the real number
whose base 3 expansion consists of 1’s in the $\frac{1}{3^i}$’s place for
each $i \in A$ and zeroes in all other places. It follows by
Cantor-Schroder-Bernstein that

$$[0,1) \sim \mathcal{P}(\mathbb{N}).$$

Injections from $(-\frac{\pi}{2}, \frac{\pi}{2})$ into $[0,1)$ and vice
versa are easy to define, so

Finally, the arc tangent function witnesses

The cardinal inequality follows from Cantor’s Theorem.

The linear orders on $\mathbb{Q}$ and $\mathbb{R}$ share a characteristic
which might suggest to the unwary that both sets should be larger than the
“discrete” $\mathbb{N}$.

Definition: If $<$ is a linear order and $A \subseteq \mathrm{fld}(<)$, we
say that $A$ is dense in $[<]$ iff for each $x < y$ there is $z \in A$ such
that $x < z$ and $z < y$ (it is traditional to write $x < z \wedge z < y$ as
$x < z < y$). We say that $<$ itself is merely dense iff $\mathrm{fld}(<)$
is dense in $[<]$.

Observation: The natural orders on $\mathbb{Q}$ and $\mathbb{R}$ are dense.
$\mathbb{Q}$ is dense in the order on $\mathbb{R}$.

Definition: A linear order with a finite or countable dense set is said to be 
separable. The immediately preceding example shows that a separable 
linear order need not be countable. 

Theorem: Any two dense linear orders with countably infinite field and no 
maximum or minimum element are isomorphic. This is a characteriza- 
tion of the order on Q up to isomorphism. 

Proof: Let $<_1$ and $<_2$ be two such orders. Let $<^1$ and $<^2$ be
well-orderings of order type $\omega$ with the same fields as $<_1$ and
$<_2$ respectively.

We define a map $f$ from $\mathrm{fld}(<_1)$ to $\mathrm{fld}(<_2)$ by a
recursive process.

Initially, we define $a^0_0$ as the $<^1$-least element of
$\mathrm{fld}(<_1)$, and define $f(a^0_0)$ as the $<^2$-least element of
$\mathrm{fld}(<_2)$. This completes stage 0 of the construction.

Suppose that the values at which $f$ has been defined at the $n$th stage
of our construction are the terms $a^n_i$ $(0 \le i \le N)$ of a finite
strictly $<_1$-increasing sequence of elements of $\mathrm{fld}(<_1)$, and
further that $f(a^n_i)$ $(0 \le i \le N)$ is a strictly increasing
$<_2$-sequence. We define $a^{n+1}_{2i+1}$ as $a^n_i$ for each $i$ in the
domain of $a^n$. Note that this means that $f$ is already defined at each
of the odd-indexed elements of the range of $a^{n+1}$ that we will consider
in what follows. We define $a^{n+1}_0$ as the $<^1$-least element of the
$<_1$-interval $(-\infty, a^{n+1}_1)$ and $f(a^{n+1}_0)$ as the $<^2$-least
element of the $<_2$-interval $(-\infty, f(a^{n+1}_1))$. We define
$a^{n+1}_{2N+2}$ as the $<^1$-least element of the $<_1$-interval
$(a^{n+1}_{2N+1}, \infty)$, and $f(a^{n+1}_{2N+2})$ as the $<^2$-least
element of the $<_2$-interval $(f(a^{n+1}_{2N+1}), \infty)$. These
selections succeed because neither order has a maximum or minimum. For
$0 < i \le N$, we define $a^{n+1}_{2i}$ as the $<^1$-least element of the
$<_1$-interval $(a^{n+1}_{2i-1}, a^{n+1}_{2i+1})$ and $f(a^{n+1}_{2i})$ as
the $<^2$-least element of the $<_2$-interval
$(f(a^{n+1}_{2i-1}), f(a^{n+1}_{2i+1}))$. These selections succeed because
both orders are dense. It should be clear that the extended sequence
$a^{n+1}$ has the same properties specified for the sequence $a^n$, so this
process can be continued to all values of $n$. Further, it should be clear
that the $m$-th element of the order appears in the domain of $f$ by stage
$m$ and the $m$-th element of the order $<^2$ appears in the range of $f$ by
stage $m$, so the definition of $f$ succeeds for all values in the domain of
$<_1$, defines a function which is onto the domain of $<_2$, and is clearly
a strictly increasing bijection, so an isomorphism.
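
The stage-by-stage construction in this proof can be run directly. The following Python sketch is an added illustration, not part of the original notes: it takes $\mathbb{Q}$ and the dyadic rationals as the two orders, and the enumerations `rationals` and `dyadics` (playing the part of the two well-orderings of type $\omega$), the class `Enumerated` and the function `stages` are assumptions made for the example.

```python
from fractions import Fraction
from itertools import count
from math import gcd


def rationals():
    """Enumerate Q without repetition: 0, then +-p/q by increasing p + q."""
    yield Fraction(0)
    for s in count(2):
        for p in range(1, s):
            q = s - p
            if gcd(p, q) == 1:
                yield Fraction(p, q)
                yield Fraction(-p, q)


def dyadics():
    """Enumerate the dyadic rationals k / 2**j without repetition."""
    yield Fraction(0)
    for h in count(1):
        for j in range(h):
            k = h - j
            if j == 0 or k % 2 == 1:      # keep lowest terms only
                yield Fraction(k, 2 ** j)
                yield Fraction(-k, 2 ** j)


class Enumerated:
    """A dense order (the usual < on Fractions) together with a well-ordering
    of type omega of its field, given by an enumeration."""

    def __init__(self, generator):
        self._generator = generator
        self._seen = []                   # prefix of the enumeration so far

    def element(self, m):
        """The m-th element of the field in the well-ordering."""
        while len(self._seen) <= m:
            self._seen.append(next(self._generator))
        return self._seen[m]

    def least_in(self, lo, hi):
        """Enumeration-least element of the open interval (lo, hi).
        None stands for an infinite endpoint. The search terminates because
        the order is dense and has no maximum or minimum."""
        for m in count():
            x = self.element(m)
            if (lo is None or lo < x) and (hi is None or x < hi):
                return x


def stages(order1, order2, n):
    """Pairs (a, f(a)) defined by stage n, listed in increasing order of a."""
    pairs = [(order1.element(0), order2.element(0))]        # stage 0
    for _ in range(n):
        extended = []
        prev_a, prev_b = None, None
        for a, b in pairs + [(None, None)]:
            # one new point in each gap, chosen independently on both sides
            extended.append((order1.least_in(prev_a, a),
                             order2.least_in(prev_b, b)))
            if a is not None:
                extended.append((a, b))                     # old point kept
            prev_a, prev_b = a, b
        pairs = extended
    return pairs


if __name__ == "__main__":
    for a, b in stages(Enumerated(rationals()), Enumerated(dyadics()), 3):
        print(f"{str(a):>6} -> {b}")
```
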

Definition: A linear order is said to be complete iff every subset of the order 
which is bounded above has a least upper bound. 

Observation: The order on $\mathbb{R}$ is complete.

Theorem: A nonempty separable complete dense linear order with no maximum
or minimum is isomorphic to the order on $\mathbb{R}$.

Proof: By the theorem above, the order restricted to the countable dense
subset is isomorphic to the usual order on $\mathbb{Q}$, from which it
follows easily that the entire order is isomorphic to the usual order on
$\mathbb{R}$.

3.18.3 Cardinals and Ordinals; Cardinal Successor; The Hartogs
and Sierpinski Theorems

For any cardinal $\kappa < |V|$, there are larger cardinals ($|V|$, for
instance). Since the natural order on cardinal numbers is a well-ordering,
there is a smallest cardinal greater than $\kappa$. For finite cardinals
$n$, this next largest cardinal is $n + 1$, but of course for infinite
$\kappa$ we have $\kappa = \kappa + 1$: we will see below how the “next”
cardinal is obtained in the infinite case.

Definition: If $\kappa \neq |V|$ is a cardinal number, we define $\kappa^+$
as the least cardinal in the natural order which is greater than $\kappa$.

Now we take an apparent digression into the relationships between car- 
dinal and ordinal numbers. Each ordinal a is naturally associated with a 
particular cardinal: 

Definition: Let $\alpha$ be an ordinal number. We define
$\mathrm{card}(\alpha)$ as $|\mathrm{fld}(R)|$ for any $R \in \alpha$ (the
choice of $R$ makes no difference).

For each finite cardinal $n$ there is only one ordinal number $\alpha$ such
that $\mathrm{card}(\alpha) = n$ (usually written $n$ as well). But for any
ordinal $\alpha$ such that $\mathrm{card}(\alpha)$ is infinite, we find that
$\mathrm{card}(\alpha + 1) = \mathrm{card}(\alpha) + 1 = \mathrm{card}(\alpha)$:
the card operation is far from injective. But there is an ordinal naturally
associated with each cardinal as well:

Definition: Let $\kappa$ be a cardinal. We define $\mathrm{init}(\kappa)$ as
the smallest ordinal number $\alpha$ such that
$\mathrm{card}(\alpha) = \kappa$. There is such an ordinal because any set
of size $\kappa$ can be well-ordered; there is a least such ordinal because
the natural order on ordinals is a well-ordering.

It is important to note that the $T$ operations on ordinals and cardinals
preserve order, addition, multiplication, and exponentiation. Intuitively,
this is all true because $T(\kappa)$ is in some external sense the same
cardinal as $\kappa$ and $T(\alpha)$ is in some external sense the same
order type as $\alpha$. The proofs are straightforward but tedious. One has
to take into account the fact that cardinal exponentiation is a partial
operation (which reflects the fact that there are more cardinals and
ordinals in higher types).

We restate and extend our theorems on the fact that the T operation 
commutes with operations of arithmetic. 

Theorem: Let $\kappa$ and $\lambda$ be cardinal numbers. Then
$T(\kappa) < T(\lambda) \leftrightarrow \kappa < \lambda$,
$T(\kappa) + T(\lambda) = T(\kappa + \lambda)$,
$T(\kappa) \cdot T(\lambda) = T(\kappa \cdot \lambda)$, and
$T(\kappa^\lambda) = T(\kappa)^{T(\lambda)}$ if the former exists.
$T(\kappa^+) = T(\kappa)^+$.

Theorem: Let $\alpha$ and $\beta$ be ordinal numbers. Then
$T(\alpha) < T(\beta) \leftrightarrow \alpha < \beta$,
$T(\alpha) + T(\beta) = T(\alpha + \beta)$,
$T(\alpha) \cdot T(\beta) = T(\alpha \cdot \beta)$, and
$T(\alpha^\beta) = T(\alpha)^{T(\beta)}$ (ordinal exponentiation is total).

We now prove a theorem characterizing the way in which $\kappa^+$ is
obtained from $\kappa$ when $\kappa$ is infinite.

Theorem: Let $\kappa = |A| \neq |V|$ be an infinite cardinal. Let be the set
of order types of well-orderings of subsets of the set $A$ (clearly this
does not depend on the choice of the set $A$). Then
$\kappa^+ = \mathrm{card}(\sup(\Omega_A))$.

Proof: Let $\gamma = \mathrm{card}(\sup(\Omega_A))$. Since a well-ordering of
a set of size $\gamma$ must be longer than any well-ordering of a subset of
$A$, $\gamma > \kappa$. Now suppose that $\lambda < \gamma$. It follows that
$\mathrm{init}(\lambda) < \mathrm{init}(\gamma) = \sup(\Omega_A)$, so a
well-ordering of a set of size $\lambda$ is of the same length as the
well-ordering of some subset of a set of size $A$, so $\lambda \le \kappa$.
Note that the size of the set of ordinals less than $\sup(\Omega_A)$ is
$T^2(\gamma)$, so we could also define $\gamma$ as
$T^{-2}(|\mathrm{seg}_{<_\Omega}(\sup(\Omega_A))|)$.

In the absence of Choice the argument above does not work, but there is
still something interesting to say.

Definition: For any cardinal $\kappa = |A| \neq |V|$, define as the set of
order types of well-orderings of subsets of $A$ and $\aleph(\kappa)$ as
$\mathrm{card}(\sup(\Omega_A))$.

Observation: The preceding definition is only of interest in the absence of
Choice, as otherwise it coincides with $\kappa^+$. Note that
$\aleph(\kappa)$ is always a cardinal whose elements are well-orderable.
Note that for syntactical reasons this use of $\aleph$ is distinguishable
from another use to be introduced shortly.

Theorem (not using Choice; Hartogs): For any cardinal $\kappa$,
$\aleph(\kappa) \not\le \kappa$.

Proof: Suppose otherwise. Let $\kappa = |A|$. We then have an injection from
a set $B$ of order type $\sup(\Omega_A)$ into $A$. The range of this
injection supports a well-ordering of type $\sup(\Omega_A)$. But the range
of this injection is a subset of $A$, so its order type belongs to This is a
contradiction.

Theorem (not using Choice; Sierpinski): $\aleph(\kappa) < \exp^3(\kappa)$.

Proof: Since we are working in choice-free mathematics, it is advantageous
to represent things in different ways. Any well-ordering is represented
effectively by the set of its initial segments. We refer to such a
representation of an order as a segment-ordering. A segment-ordinal is an
equivalence class of segment-ordinals. Notice that a segment-ordinal is
three types higher (not two types higher) than the elements of its field.
If $A \in \kappa$, observe that the set of segment-ordinals of
well-orderings of subsets of $A$ is of cardinality $T^3(\aleph(\kappa))$.
Of course a segment-ordinal is a set of sets of sets of elements of $A$:
the collection of sets of sets of sets of elements of $A$ is of cardinality
$T^3(\exp^3(\kappa))$. The desired inequality follows.

A related result is $\aleph(\kappa) < \exp^2(\kappa^2)$. This is obtained by
noting that the usual ordinals of well-orderings of subsets of $A$ are sets
of sets of pairs of elements of $\kappa$, so
$T^2(\aleph(\kappa)) < T^2(\exp^2(\kappa^2))$. This is most useful when we
know that $\kappa^2 = \kappa$: this is not a theorem of choice-free
mathematics, though it is true if elements of $\kappa$ are well-orderable or
if $\kappa$ is of the form $\exp^4(\lambda)$ for $\lambda$ infinite (this
last because the construction of the Quine pair can then be mimicked in a
set of size $\kappa$).

3.18.4 Hierarchies of Cardinals; A Disadvantage of Strong Extensionality

We introduce two notations for cardinal numbers. 

Definition: Let $\aleph$ be the natural order on infinite cardinals. We then
define for ordinals $\alpha$ using the definition of ordinal indexing of the
elements of the field of a well-ordering.

Definition: We define $\omega_\alpha$ as $\mathrm{init}(\aleph_\alpha)$.

Definition: Let $\beth$ be the natural order on cardinal numbers restricted
to the smallest set of cardinal numbers which contains $\aleph_0$, is closed
under the power set operation, and contains suprema of all of its subsets.
We then define $\beth_\alpha$ for ordinals $\alpha$ using the definition of
ordinal indexing.

We can now pose one of the notable questions of set theory, dating to
the beginnings of the subject. The first infinite cardinal is $\aleph_0$. We
know by Cantor’s Theorem that
$|\mathcal{P}(\mathbb{N})| > |\iota“\mathbb{N}| = \aleph_0$. We also note
that $|\mathcal{P}(\mathbb{N})| = \beth_1$. We know by definition of
cardinal successor that $\aleph_1 = \aleph_0^+ > \aleph_0$. We know by the
observation following the theorem above that $\aleph_1$ is the number of
finite and countable ordinals (which is easily shown to be the same as the
number of countable ordinals). The question that arises is the status of

*Cantor’s Continuum Hypothesis: $\beth_1 = \aleph_1$? Are there more subsets
of the natural numbers than countable order types?

It is called the Continuum Hypothesis because Cantor also knew (as we
will find in the next section) that $\beth_1$ is not only the cardinality of
the set of subsets of the natural numbers but also the cardinality of the
set of real numbers, or the number of points on a line (the cardinality of
the continuum). For this reason $\beth_1$ is also called $c$ (for
“continuum”).

A related assertion (which is again a hypothesis not a theorem) is

*Generalized Continuum Hypothesis (GCH): $\aleph_\alpha = \beth_\alpha$ for
all ordinals for which is defined.

A further question is how far the $\aleph_\alpha$’s or $\beth_\alpha$’s
continue. These notations are definitely undefined for sufficiently large
ordinals $\alpha$ (neither is defined for $\mathrm{ot}(\aleph)$, by a simple
consideration of how ordinal indexing is defined). We cannot prove in this
system that is defined or even that $\aleph_n$ exists for each natural
number $n$. It is true that exists among the cardinals of type $n$ sets for
each $n$, but there is a kind of pun going on here. It is also true that the
sequences of $\aleph$’s and $\beth$’s get longer in higher types. Suppose
$|V| =$ (there will be such an $\alpha$). It follows that
$T(|V|) = \aleph_{T(\alpha)}$ in the next higher type, so the strictly
larger cardinal $|\mathcal{P}(V)| > \aleph_{T(\alpha)+1}$, so the sequence
is extended in length by at least one. A similar argument for the
$\beth_\alpha$’s is slightly more involved.

With strong extensionality there is a much stronger restriction. Suppose
that the cardinality of type $n$ is $\aleph_\alpha$. It follows that the
largest which is the cardinality of a type $n + 1$ set has $\beta < \alpha$.
Further, it follows that the largest which is the cardinality of a type
$n + 2$ set has $\beta$ no greater than $T(\alpha) + 2$. Iteration of this
observation (and the natural identification of ordinals of different types
via the $T$ operation) allow us to say somewhat loosely that there can be no
$\beth_\beta$s in any type with $\beta > \alpha + \omega$. The reason for
this restriction is that there is a definable bound on the size of each type
$n + 1$ in terms of the size of type $n$.

This gives a concrete motivation for the form of the axiom of extension- 
ality that we have chosen to use. We do not want the size of mathematical 
structures that we can consider to be strongly bounded by the size of type 0. 

With weak extensionality we can cause much larger $\beth$ numbers to exist
because we can assume that each type $n + 1$ is much much larger than the
power set of type $n$ (a sufficiently large set of urelements is added to
support whatever construction we are considering). A strong assumption
which suggests itself is that we can iterate the cardinal exponentiation
operation on cardinals of sets of type $n$ objects along any well-ordering
of type $n$ objects (for each type $n$). This would give existence of
$\beth_{T^2(\alpha)}$ for each ordinal $\alpha$.

It is useful to note that if we use the convention of type-free cardinal and
ordinal variables outlined above, we can treat the exponential operation on
cardinals as total. This is achieved in the underlying translation to typed
language by providing that we work in a type higher than that of any
variable appearing in an exponentiation: the exponential $\kappa^\lambda$ is
then in effect read as $T(\kappa)^{T(\lambda)}$, which is always defined.

This means that we can in effect say “For every cardinal there is a larger
cardinal” and “For every ordinal there is a larger ordinal”.
$(\forall \kappa.(\exists \lambda.\lambda > \kappa))$ do not make sense under
the convention, because we have not bounded the quantifiers. But
$(\forall \kappa < \mu.(\exists \lambda < 2^\mu.\kappa < \lambda))$ is true
(for any specific $\mu$, with the convention ensuring that we work in a type
where $2^\mu$ exists), and expresses the desired thought.


3.19 Sets of Reals 

topological stuff? 

3.20 Complex Type Theories 

complicated type theories and how they can be represented in TSTU;
Curry-Howard isomorphism stuff, perhaps.

3.21 Infinite Indexed Families; Konig’s Theorem 

3.22 Partition Relations 

We begin this section by stating an obvious

Theorem: If $X$ is an infinite set, $A$ is a finite set, and $f : X \to A$,
then there is $a \in A$ such that $f^{-1}“\{a\}$ is an infinite subset of
$X$.

Proof: The preimages of individual elements of $A$ under $f$ are a disjoint
finite family of sets covering $X$. The sum of their cardinalities is the
cardinality of $X$. If all of them had finite cardinality, this sum (the
cardinality of $X$) would be finite. But the cardinality of $X$ is infinite
by assumption.

The first major theorem of this section is a generalization of this.

Definition: If $X$ is a set and $\kappa$ is a cardinal, we define
$[X]^\kappa$ as $\mathcal{P}(X) \cap \kappa$, the set of all subsets of $X$
of size $\kappa$.

Definition: If $X$ is a set, $n$ is a natural number, $A$ is a finite set,
and $f : [X]^n \to A$, we say that $H$ is a homogeneous set for $f$ iff
$H \subseteq X$ and $|f“[H]^n| = 1$.

Theorem (Ramsey): If $X$ is an infinite set, $n$ is a natural number, $A$ is
a finite set, and $f : [X]^n \to A$, there is an infinite homogeneous set
$H$ for $f$.

Proof: For $n = 1$, the result follows immediately from the first theorem of
this section.

Assume that the theorem is true for $n = k$ and show that it follows for
$n = k + 1$. Let $X$ be an infinite set, $A$ a finite set, and
$f : [X]^{k+1} \to A$ a function. Our goal is to show that there is an
infinite homogeneous set $H$ for $f$.

We define a tree $T_f$. We well-order $X$ and we assume that $u\,T_f\,v$ is
defined for all $u, v < x$. We define $x\,T_f\,u$ as false for $u < x$. We
define $y\,T_f\,x$, for $y < x$, as true iff for all $k$-element subsets $K$
of $\mathrm{seg}_{T_f}(y)$, $f(K \cup \{y\}) = f(K \cup \{x\})$. $<_f$ is a
tree because the order on any segment in $<_f$ agrees with the underlying
well-ordering of $X$.

We introduce some terminology useful in the context of trees. The level
of an element $x$ of the field of a tree $<_T$ is the order type of
$\mathrm{seg}_{<_T}(x)$. The branching of the tree at an element $x$ of its
field is the cardinality of the set of all $y$ such that $x$ is the maximal
element of the segment determined by $y$ in the tree. Such elements $y$ are
called successors of $x$ in the tree.

In the tree $<_f$, the branching will be finite at any element of the field
of the tree at finite level. There will be nontrivial branching above an
element $y$ just in case there are elements $z, w$ such that for any
$k$-element subset $K$ of $\mathrm{seg}_{<_f}(y)$,
$f(K \cup \{y\}) = f(K \cup \{z\}) = f(K \cup \{w\})$, but for some
$k - 1$-element subset $A$, $f(A \cup \{y, z\}) \neq f(A \cup \{y, w\})$. A
possible new branch above $y$ is determined by the assignment of a value
under $f$ to each $f(A \cup \{y, z\})$, where $z$ is the next element of the
branch. Since there are finitely many subsets of the segment determined by
$y$ (since its level is finite) and finitely many values in $A$, the
branching at each element of finite level is finite. One can further prove
that if the branching at each element of a finite level is finite, each
finite level is a finite set. It follows that some element of each finite
level is dominated by infinitely many members of $X$ in the tree order, and
further that if some element of finite level is dominated by infinitely many
elements of $X$, it has a successor that is dominated by infinitely many
elements of $X$. From this it follows that we can construct a branch of the
tree with the property that each of its elements of finite level is
dominated by infinitely many elements of $X$ (so it has elements of all
finite levels and is infinite).

Any branch $B$ in the tree $<_f$ has the property that if
$b_1 <_f b_2 <_f \cdots b_k <_f b_{k+1} <_f c$, that
$f(\{b_1, b_2, \ldots, b_k, b_{k+1}\}) = f(\{b_1, b_2, \ldots, b_k, c\})$:
the value at a $k + 1$-element subset of the branch is not changed if the
top element of the set is changed. Thus we can define a new function
$f^* : [B]^k \to A$ by
$f^*(\{b_1, b_2, \ldots, b_k\}) = f(\{b_1, b_2, \ldots, b_k, c\})$ for any
$c >_f b_k$. Now let $B$ be the infinite branch whose existence was shown
above. By inductive hypothesis, there is an infinite homogeneous set $H$ for
$B$ with respect to $f^*$, which will also be an infinite homogeneous set
for $f$. This completes the proof.

Ramsey theorem and Erdos-Rado theorem: not part of the main agenda, 
used for model theory of alternative set theories later. 

The Schmerl partition relations, needed for theory of NFUA. 

3.23 Large Cardinals 

inaccessibles, Mahlos, weakly compact and measurables explained. This is
prerequisite knowledge for the model theory of strong extensions of NFU; it
can also be used to talk about model theory of ZFC.

3.24 Pictures of Sets: the Theory of Isomorphism Types
of Well Founded Extensional Relations

In this section, we show how the type theory we are working in can naturally 
motivate a development of the untyped set theory which is more often used, 
as the theory of a quite natural class of mathematical structures which has 
its own intrinsic interest. 

3.24.1 Coding Sets in Relations 

We consider the possibility that a set relation $R$ may be used to represent
the membership “relation” $\in$. Toward this end, we introduce some
definitions.

Definition: Let $R$ be a relation. We say that an element $x$ of
$\mathrm{fld}(R)$ codes the set = $\{y \mid y\,R\,x\}$ relative to $R$. (if
the relation is understood in the context we may just say that the element
$x$ codes the given set).

The Definition ensures that a given domain element codes just one subset 
of the field of the relation, but we would also like it to be the case that a 
given set is coded by no more than one domain element. 

Definition: A relation $R$ is said to be [weakly] extensional iff for all
$x$ and $y$ in the field of $R$, if $R^{-1}“\{x\} = R^{-1}“\{y\}$ then
[either $R^{-1}“\{x\} = R^{-1}“\{y\} = \emptyset$] or $x = y$.

A weakly extensional relation leaves open the possibility of coding a
theory of sets with distinct urelements, such as are allowed to exist in our
type theory: there may be many distinct $R$-minimal objects if $R$ is weakly
extensional, but only one if $R$ is extensional.

Because we are working with set relations, we perforce are at least tempted
to use untyped language. For example, we can ask the question whether there
is a code for the set $\{x \in \mathrm{fld}(R) \mid \neg x\,R\,x\}$ relative
to the relation $R$. The argument for Russell’s paradox shows us that there
cannot be such a code (though the set certainly exists). In our type theory
we cannot even ask the question which leads to Russell’s paradox.

A notion which is difficult (though not entirely impossible) to develop in 
type theory is the notion of the collection of elements of a set, elements of 
its elements, elements of elements of its elements, and so forth (a kind of 
downward closure). In the theory of coded sets this is straightforward. 

Definition: Let $R$ be a relation (we do not require it to be extensional).
Let $x$ be an element of the field of $R$. We define the component of $x$
determined by $R$ as $R \cap D_x(R)^2$, where $D_x(R)$ is the minimal subset
of the field of $R$ which contains $x$ as an element and contains
$R^{-1}“\{y\}$ as a subset for each of its elements $y$. We denote the
component of $x$ determined by $R$ by $C_x(R)$.

Theorem: Let $R^*$ be the minimal reflexive, transitive relation which
includes $R$. Then $C_y(R)$ is $R \cap \{x \mid x\,R^*\,y\}^2$.

Proof: $x \in D_x(R)$ is obvious. Suppose $x \in D_y(R)$ and
$y \in D_z(R)$. Any set which contains $z$ as an element and which includes
$R^{-1}“\{u\}$ as a subset for each of its elements $u$ must contain $y$ (by
definition of $D_z(R)$ and the fact that $y \in D_z(R)$) and so further must
contain $x$ (by definition of $D_y(R)$ and the fact that $x \in D_y(R)$) so
we have shown that $x \in D_z(R)$. Thus the relation $x\,S\,y$ defined as
$x \in D_y(R)$ is reflexive and transitive, so $x\,R^*\,y$ implies
$x \in D_y(R)$. Now observe that $\{y \mid y\,R^*\,x\}$ contains $x$ and
includes the preimage under $R$ of any of its elements, so must be included
in $D_y(R)$. We now see that the field $D_y(R)$ of the component $C_y(R)$ is
precisely $\{x \mid x\,R^*\,y\}$, from which the result follows.

There is a notion of isomorphism appropriate to weakly extensional rela- 
tions. 

Definition: If $R$ and $S$ are weakly extensional relations, we say that $f$
is a membership-isomorphism from $R$ to $S$ if $f$ is a bijection from the
field of $R$ to the field of $S$ such that
$x\,R\,y \leftrightarrow f(x)\,S\,f(y)$ and in addition if
$R^{-1}“\{x\} = S^{-1}“\{f(x)\} = \emptyset$ it also follows that
$x = f(x)$.

We impose a further condition on relations which we regard as simulating
the membership relation, for which we need to supply a motivation.

Definition: A [weak] membership diagram is a well-founded [weakly]
extensional relation.

Theorem: If $R$ is well-founded, so is $R^* - [=]$.

Proof: Suppose $A$ is a nonempty subset of $\mathrm{fld}(R^* - [=])$ with no
$(R^* - [=])$-minimal element. Certainly $A$ is a nonempty subset of
$\mathrm{fld}(R)$. Let $a$ be an $R$-minimal element of $A$. There must be
$b \neq a$ such that $b\,R^*\,a$ (since there is no $(R^* - [=])$-minimal
element). But from $b\,R^*\,a$, it is easy to deduce
$(\exists x.x\,R\,a)$, which is a contradiction.

The effect of the well-foundedness restriction is to ensure that if $R$ and
$S$ are membership diagrams and $f$ is a membership-isomorphism from $R$ to
$S$, we can be certain that $x$ with respect to $R$ and $f(x)$ with respect
to $S$ always “represent precisely the same set”. It is somewhat difficult
to say precisely what is meant by this (since we do not yet have an
independent understanding of untyped set theory), but a definite result
which we can state is that the membership-isomorphism $f$ is unique: there
can be no other membership-isomorphism from $R$ to $S$. Suppose there was
another such membership-isomorphism $g$. There would be an $R$-minimal $x$
in the domain of $R$ such that $f(x) \neq g(x)$. If the $R$-preimage of $x$
were empty, then so would be the $R$-preimages of $f(x)$ and $g(x)$, but
further we would have $x = f(x) = g(x)$, contradicting the choice of $x$ as
a counterexample. If the $R$-preimage of $x$ were a nonempty set $A$, then
the $S$-preimage of $f(x)$ would be $f“A$ and the $S$-preimage of $g(x)$
would be $g“A$. But by minimality of $x$, $f“A = g“A$, so by extensionality
of $S$, $f(x) = g(x)$, contradicting the choice of $x$ as a counterexample.

The informal argument that each element of $x$ designates the same set
relative to $R$ that is designated by $f(x)$ with respect to $S$ has the
same form, but has an essential vagueness dictated by the fact that we are
not actually previously acquainted with the domain of sets being
designated. If the $R$-preimage of $x$ is empty, then $x = f(x)$: the two
objects represent the same atom. If the $R$-preimage of $x$ is a nonempty
set $A$, then the $S$-preimage of $f(x)$ is $f“A$: $x$ designates (with
respect to $R$) the collection of things designated by elements of $A$ with
respect to $R$. By the minimality hypothesis, the things designated with
respect to $S$ by elements of $f“A$ are the same: so $f(x)$ designates the
same collection with respect to $S$ that $x$ designates with respect to $R$.

Further, if we are working with relations that are extensional rather than 
weakly extensional, the argument above works with isomorphism in place of 
membership-isomorphism. 

General well-founded relations can be “collapsed” to well-founded [weakly] 
extensional relations in a suitable sense. 

Theorem: Let $R$ be a well-founded relation. Then there is a uniquely
determined equivalence relation $\sim$ on $\mathrm{fld}(R)$ with the
following property (in which we use the notation $[x]$ for $[x]_\sim$): the
relation $R^\sim = \{([x], [y]) \mid x\,R\,y\}$ is [weakly] extensional and
for each $[x]$ we have the set of its $R^\sim$-preimages exactly the set of
$[y]$ such that $y\,R\,x$.

Proof: Let $x$ be minimal in $R$ such that $C_x(R)$ does not have this
property. (Clearly if there is no such $x$, then the unions of uniquely
determined equivalence relations on all $C_x(R)$’s with the indicated
property will give such an equivalence relation on $R$.) Each $C_y(R)$ for
$y\,R\,x$ will support such a unique equivalence relation, if it is
nonempty. We define the desired equivalence relation on $C_x(R)$, contrary
to hypothesis. The top $x$ is equivalent only to itself. All $R$-preimages
of $x$ which have empty $R$-preimage are either equivalent only to
themselves (if we are working with membership-isomorphism) or equivalent to
all such preimages (if we are working with isomorphism). Each other element
$y$ of $C_x(R)$ has an associated equivalence relation $\sim$ and relation
$C_y(R)^\sim$: define $y \sim z$ as holding if and only if $C_y(R)^\sim$ is
[membership]-isomorphic to $C_z(R)^\sim$. By hypothesis the restriction of
the equivalence relation to each proper component is unique. Extensionality
(and the known uniqueness of isomorphisms between well-founded [weakly]
extensional relations) leaves us no freedom of choice with respect to
defining the equivalence relation between elements of different components.
So the equivalence relation obtained is unique.
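
For a finite well-founded relation the equivalence relation of this theorem can be computed by recursion on $R$. The following Python sketch is an added illustration, not part of the original notes: it represents each class $[x]$ by a hereditarily finite set (an implementation choice, as are the names `field`, `preimages`, `component`, `is_extensional` and `collapse`), and the sample relation is constructed for the example.

```python
def field(R):
    """fld(R): every object occurring in some pair of R."""
    return {u for pair in R for u in pair}


def preimages(R, x):
    """The set coded by x relative to R; a pair (y, x) in R means y R x."""
    return frozenset(y for (y, z) in R if z == x)


def component(R, x):
    """C_x(R): R restricted to the downward closure D_x(R) of {x}."""
    closure, todo = {x}, [x]
    while todo:
        for y in preimages(R, todo.pop()):
            if y not in closure:
                closure.add(y)
                todo.append(y)
    return {(y, z) for (y, z) in R if y in closure and z in closure}


def is_extensional(R, weak=False):
    """True iff no two distinct elements of fld(R) code the same set
    (with weak=True: the same nonempty set)."""
    coded = set()
    for x in field(R):
        pre = preimages(R, x)
        if weak and not pre:
            continue                      # distinct atoms are allowed
        if pre in coded:
            return False
        coded.add(pre)
    return True


def collapse(R, weak=False):
    """Return (code, quotient) for a finite well-founded relation R.

    code[x] is a canonical representative of the class [x]: x ~ y holds iff
    code[x] == code[y]. quotient is the relation on classes induced by R.
    With weak=True, elements with empty R-preimage are kept as distinct atoms.
    Raises ValueError if R has a cycle, that is, is not well-founded."""
    code = {}

    def visit(x, path):
        if x in path:
            raise ValueError("relation is not well-founded")
        if x not in code:
            pre = preimages(R, x)
            if weak and not pre:
                code[x] = ("atom", x)
            else:
                code[x] = frozenset(visit(y, path | {x}) for y in pre)
        return code[x]

    for x in field(R):
        visit(x, frozenset())
    return code, {(code[y], code[x]) for (y, x) in R}


# Constructed sample: a and b are R-minimal, c codes {a}, d codes {b},
# e codes {c, d}.
SAMPLE = {("a", "c"), ("b", "d"), ("c", "e"), ("d", "e")}

if __name__ == "__main__":
    for weak in (False, True):
        code, quotient = collapse(SAMPLE, weak)
        label = "weakly extensional" if weak else "extensional"
        print(label, "collapse:", len(set(code.values())), "classes,",
              len(quotient), "pairs")
```

In the extensional case the two minimal elements are identified and so are c and d; in the weak case all five elements stay distinct because a and b are different atoms.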

To see why non-well-founded “membership diagrams” are problematic,
consider a diagram containing two elements $x$ and $y$, each related just to
itself. This codes two sets, each of which is its own sole element. Consider
another diagram containing two elements $u$ and $v$, each related just to
itself. Either of the two bijections between the fields of these relations
is a membership-isomorphism (and indeed an isomorphism) between the
relations: there is no way to determine whether $x$ is to be identified with
$u$ or with $v$.

It should be noted that non-well-founded “membership diagrams” are
merely problematic, not impossible. Interesting untyped theories can be
developed in which there are objects which are their own sole elements (and
in which there can be many such objects), and in fact we will have occasion
to see this later. Indeed, arbitrarily complex failures of well-foundedness
of the membership relation are possible and worthy of study.

3.24.2 Passing to Isomorphism Types

The advantage of restricting ourselves to well-founded [weak] membership 
diagrams is that for any element x of the field of a well-founded 
membership diagram R, the intended reference of x is in effect fixed by the 
[membership-]isomorphism type of the component $C_x(R)$. We can then view 
the [membership-] isomorphism types of components of diagrams as the actual 
objects under study. When studying weak membership diagrams, there is an 
element of arbitrariness in the choice of atoms, though it is sometimes useful 
to have atoms in untyped set theory. The isomorphism types of well-founded 
extensional relations will be our principal study, and we will see that they 
correspond precisely to the objects of the usual untyped set theory, though 
without strong assumptions we will not see the entire universe of the usual 
set theory [in whatever sense this is possible]. 

Observation: If a [weak] set diagram R is equal to $C_x(R)$ and to $C_y(R)$ 
where x and y belong to the field of R, then x = y. This condition 
implies $x\,R^*\,y$ and $y\,R^*\,x$. Since $R^* - [=]$ is well-founded, an 
$(R^* - [=])$-minimal element of $\{x, y\}$ must be equal to both x and y, so x = y. 

Definition: A weak set diagram is a weak membership diagram which is 
equal to one of its components (and thus must be nonempty). A set 
diagram is a membership diagram which is either empty or equal to one 
of its components. A top of a [weak] set diagram is either the unique x 
such that the diagram is its own component determined by x or (in case 
the diagram is empty) any object whatsoever. A [weak] set picture is 
the [membership-] isomorphism class of a [weak] set diagram [or a double 
singleton (representing an atom)]. The set of all set pictures is called Z. 
The set of all weak set pictures whose elements have atoms restricted 
to a set A is called Z[A] (this last will contain only double singletons 
of elements of A; of course Z[V] contains all weak set pictures). 

Definition: For any [weak] set diagram R with top t, we define an immediate 
component of R as a component $C_x(R)$ such that $x\,R\,t$. Note that the 
empty set diagram has no immediate components, but may occur as 
an immediate component of a set diagram if the $x\,R\,t$ happens to have 
empty $R$-preimage: the handling of elementless objects in weak set 
diagrams is seen below. For set pictures $\rho$ and $\sigma$, we define 
$\rho \mathrel{E} \sigma$ as holding iff there are $R \in \rho$ and $S \in \sigma$ 
such that R is an immediate component of S. For weak set pictures $\rho$ and 
$\sigma$, we define $\rho \mathrel{E} \sigma$ as holding iff there are 
$R \in \rho$ and $S \in \sigma$ such that R is an immediate 
component of S, or $\rho$ is a double singleton $\{\{x\}\}$, and $\sigma$ has an element 
S with top t such that $x\,S\,t$ and the $S$-preimage of x is empty (this 
handles atoms). It is important to note that no double singleton is 
a membership-isomorphism class of weak set diagrams, so there is no 
conflict between the two parts of the definition of E on weak set pictures 
(the double singleton of the empty set is a set picture, and the sole 
elementless object in the “set theory” implemented using set diagrams). 
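
The definitions of component, top, immediate component and E can be run on finite set diagrams. The following Python code is an added example, not part of the original notes: it treats set diagrams only (no atoms), and it assumes that the hereditarily finite set obtained by collapsing a diagram from its top may serve as a canonical stand-in for its isomorphism class. All function names and the sample diagrams are constructed here for illustration.

```python
from itertools import permutations

def field(R):
    return {a for pair in R for a in pair}

def preimage(R, x):
    """R-preimage of x: every y with y R x."""
    return {a for (a, b) in R if b == x}

def component(R, x):
    """C_x(R): R restricted to the elements y with y R* x."""
    below, todo = {x}, [x]
    while todo:
        for y in preimage(R, todo.pop()):
            if y not in below:
                below.add(y)
                todo.append(y)
    return frozenset((a, b) for (a, b) in R if a in below and b in below)

def is_well_founded(R):
    """Finite case: keep deleting R-minimal elements; nothing may be left over."""
    live = field(R)
    while live:
        minimal = {x for x in live if not preimage(R, x) & live}
        if not minimal:
            return False
        live -= minimal
    return True

def is_extensional(R):
    """Distinct field elements have distinct R-preimages."""
    pre = [frozenset(preimage(R, x)) for x in field(R)]
    return len(pre) == len(set(pre))

def top(R):
    """The unique x with C_x(R) = R (nonempty set diagrams only)."""
    tops = [x for x in field(R) if component(R, x) == frozenset(R)]
    if len(tops) != 1:
        raise ValueError("not a set diagram")
    return tops[0]

def picture(R):
    """Stand-in for the isomorphism class of a finite set diagram (assumption):
    the hereditarily finite set obtained by collapsing R from its top."""
    if not R:
        return frozenset()                    # the empty set diagram
    if not (is_well_founded(R) and is_extensional(R)):
        raise ValueError("not a membership diagram")
    def code(x):
        return frozenset(code(y) for y in preimage(R, x))
    return code(top(R))

def immediate_components(S):
    """The components C_x(S) with x S t, where t is the top of S."""
    return [component(S, x) for x in preimage(S, top(S))] if S else []

def E(R, S):
    """The relation E on set pictures, tested on representatives R and S."""
    return any(picture(C) == picture(R) for C in immediate_components(S))

def isomorphisms(R, S):
    """Brute force: every bijection between the fields that carries R onto S."""
    fr, fs = list(field(R)), list(field(S))
    if len(fr) != len(fs):
        return []
    maps = (dict(zip(fr, p)) for p in permutations(fs))
    return [f for f in maps if {(f[a], f[b]) for (a, b) in R} == set(S)]

def diagram_of(s):
    """Membership restricted to the transitive closure of {s}: a diagram picturing s."""
    nodes, todo = {s}, [s]
    while todo:
        for y in todo.pop():
            if y not in nodes:
                nodes.add(y)
                todo.append(y)
    return frozenset((a, b) for b in nodes for a in b)

# Constructed samples: a few hereditarily finite sets and hand-built diagrams.
EMPTY = frozenset()
ONE = frozenset({EMPTY})
TWO = frozenset({EMPTY, ONE})
SAMPLES = [EMPTY, ONE, TWO, frozenset({ONE}), frozenset({EMPTY, TWO})]
TWO_A = frozenset({("a", "b"), ("a", "t"), ("b", "t")})   # pictures {0, {0}}
TWO_B = frozenset({("p", "q"), ("p", "r"), ("q", "r")})   # relabelled copy
LOOPS_XY = frozenset({("x", "x"), ("y", "y")})            # two self-membered elements
LOOPS_UV = frozenset({("u", "u"), ("v", "v")})

if __name__ == "__main__":
    for s in SAMPLES:
        for t in SAMPLES:
            assert E(diagram_of(s), diagram_of(t)) == (s in t)
    print("isomorphisms, well-founded case:", len(isomorphisms(TWO_A, TWO_B)))
    print("isomorphisms, two loops:", len(isomorphisms(LOOPS_XY, LOOPS_UV)))
```

On the samples, E between diagrams agrees with membership between the sets they picture, and the two-loop diagrams admit more than one isomorphism while the well-founded extensional pair admits exactly one.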

Theorem: E is a membership diagram (on Z or Z[A]). 

Proof: We need to show that E is [weakly] extensional and that E is 
well-founded. Suppose that $\rho$ and $\sigma$ are [weak] set pictures and 
$E^{-1}``\{\rho\} = E^{-1}``\{\sigma\}$. This means that each immediate component of any $R \in \rho$ 
is isomorphic to some immediate component of any $S \in \sigma$ and vice 
versa. [In the weak case, any preimage of the top of R which has 
empty $R$-preimage is identical to some preimage of the top of S which 
has empty $S$-preimage, and vice versa]. There is a unique isomorphism 
from the field of each immediate component of R to a uniquely 
determined immediate component of S (because no two distinct immediate 
components can be isomorphic). Any two of these isomorphisms will 
agree on any common element of their domains. It follows that the 
union of these isomorphisms, taken together with the pair whose first 
projection is the top of R and whose second projection is the top of S, 
yields a [membership-]isomorphism from R to S, so $\rho = \sigma$. [The fact 
that it is a membership-isomorphism in the weak case follows from the 
bracketed complete sentence above: elements of $E^{-1}``\{\rho\}$ and $E^{-1}``\{\sigma\}$ 
which are double singletons each correspond to identical elements of the 
other, and this allows one to define the isomorphism so that it fixes all 
elements with empty A-preimage]. We have shown that E is [weakly] 
extensional. 

Suppose that A is a nonempty subset of the field of E. Let $\rho$ be an 
element of A and let $R \in \rho$. [If R is a double singleton, R is A-minimal 
and we are done.] Define $A_R$ as the intersection of A with the set of 
isomorphism types of components $C_x(R)$ [and double singletons of 
$R$-minimal elements of the field of R]. There will be a minimal x such 
that the isomorphism type of $C_x(R)$ belongs to A [or there will be a 
double singleton which belongs to A]; the isomorphism class of $C_x(R)$ 
[or the double singleton] will be an $E$-minimal element of $A_R$, and so 
an $E$-minimal element of A. 

Observation: Note that E is two types higher than the [weak] membership 
diagrams R with which we started. If x in the field of R is at type k, 
then R itself is at type k + 1, the [membership-]isomorphism class of 
R is at type k + 2, and E is at type k + 3. We see that E is two types 
higher than the arbitrary membership diagrams with which we started. 
E is a kind of universal membership diagram, but this type differential 
will allow us to completely naturally evade any supposed paradoxical 
consequences of this universality. The situation here is analogous to 
that for ordinals: the well-ordering on all ordinals is a kind of universal 
well-ordering - it contains not a suborder isomorphic to each 
well-ordering R but a suborder isomorphic to the double singleton image 
$R^{\iota^2}$ of each well-ordering R. It is also worth noting that strict 
well-orderings with maxima (and the empty strict well-ordering) are 
well-founded extensional relations, so there are elements of Z (or Z[A]) 
naturally related to the ordinal numbers (and indeed these correspond 
precisely to the objects (the von Neumann ordinals) which are normally 
taken to be the ordinal numbers in the usual set theory). One must 
observe though that a nonzero ordinal $\alpha$ is implemented in untyped 
set theory by the isomorphism class of the strict well-ordering derived 
from a well-ordering of order type $\alpha + 1$. 

There is a type-shifting operation T on [weak] set pictures analogous to 
the operations on cardinals and ordinals. 

Definition: For any [weak] set diagram R, define $R^{\iota}$ as usual: this will still 
be a [weak] set diagram. Let $\rho$ be the [membership-]isomorphism class 
of R: then $T(\rho)$ is defined as the [membership-]isomorphism class of $R^{\iota}$, 
and it is straightforward to show that the specific choice of an element 
R of $\rho$ has no effect on the definition of $T(\rho)$. Notice that in the case 
of weak set diagrams, atoms are replaced by their singletons as we pass 
up one type. [Define $T(\{\{x\}\})$ as $\{\{\{x\}\}\}$]. 

Theorem: For all [weak] set pictures $\rho$ and $\sigma$, $\rho \mathrel{E} \sigma \leftrightarrow T(\rho) \mathrel{E} T(\sigma)$. 

Proof: This follows directly from the precise parallelism of the structure 
of $S \in \sigma$ with the structure of $S^{\iota} \in T(\sigma)$. If $\rho \mathrel{E} \sigma$, any $S \in \sigma$ has 
an immediate component $R \in \rho$, so belonging to $\rho$: it is immediate 
that $S^{\iota} \in T(\sigma)$ has an immediate component $R^{\iota}$ belonging to $T(\rho)$, so 
$T(\rho) \mathrel{E} T(\sigma)$. Suppose $T(\rho) \mathrel{E} T(\sigma)$. Then we can choose an element 
of $T(\sigma)$ of the form $S^{\iota}$, where $S \in \sigma$, which will have an immediate 
component $R^{\iota} \in T(\rho)$ (any component of $S^{\iota}$ is obviously a relation 
singleton image), from which we discover $R \in \rho$, so $\rho \mathrel{E} \sigma$. [If the 
top of $S \in \sigma$ has an immediate preimage x with empty $S$-preimage, 
and $\rho = \{\{x\}\}$, then the top of $S^{\iota}$ has an immediate preimage $\{x\}$, 
so $\{\{\{x\}\}\} = T(\rho) \mathrel{E} T(\sigma)$ in this case as well; if $T(\rho) \mathrel{E} T(\sigma)$ where 
$\rho = \{\{x\}\}$, the top of $S^{\iota} \in T(\sigma)$ has an immediate preimage $\{x\}$ with 
empty $S^{\iota}$-preimage [recall that we can without loss of generality choose 
an element of $\sigma$ of the form $S^{\iota}$], we see that the top of $S \in \sigma$ has the 
preimage x with empty $S$-preimage, so $\{\{x\}\} = \rho \mathrel{E} \sigma$]. 

Theorem: For each $\rho \in Z$ [$Z[A]$] we have $C_\rho(E) \in T^2(\rho)$. 

Proof: Let $R \in \rho$. Define $\rho_x$ as the isomorphism type of $C_x(R)$ for 
$x \in \mathrm{fld}(R)$ [or as $\{\{x\}\}$ if x is $R$-minimal]. The $\rho_x$'s are exactly the 
elements of $D_\rho(E)$, $\rho_x \mathrel{E} \rho_y$ iff $x\,R\,y$, but $\rho_x$ is two types higher than x, so 
we can define a [membership-]isomorphism sending each $\{\{x\}\}$ to $\rho_x$, 
witnessing the desired relation between $R^{\iota^2}$ and $C_\rho(E)$. 

Theorem (using Choice): Every subset of $T``Z[A]$ is coded in E. Every 
subset of $T``Z$ is coded in E. 

Proof: Let B be an arbitrary subset of $T``Z$ [$T``Z[A]$]. Each element of B 
is of the form $T(\rho)$. We transform each $R^{\iota} \in T(\rho)$ for each $\rho \in B$ to a 
different $R'$ still belonging to $T(\rho)$: $R' = \{((\{x\}, R), (\{y\}, R)) \mid x\,R\,y\}$. 
The collection of relations $R'$ is pairwise disjoint, so we can take their 
union and adjoin all pairs $(t, T)$ as new elements, where t is the top 
of one of the $R'$s and T is a fixed new top element (any pair whose 
second projection does not belong to B will do). The resulting relation 
is well-founded and has immediate components of exactly the right 
isomorphism classes, but it is not extensional. By the theorem proved 
above on collapsing well-founded relations to well-founded [weakly] 
extensional relations, we can define an equivalence relation on its field 
and replace each element of the field by a representative of its 
equivalence class taken from a fixed choice set in such a way as to obtain a 
[weak] set diagram which has immediate components with isomorphism 
classes which are all and only the elements of B. 

Theorem (not using Choice): Every subset of $T^2``Z[A]$ is coded in E. 
Every subset of $T^2``Z$ is coded in E. 

Proof: Let B be a subset of $T^2``Z$ [$T^2``Z[A]$]. Each element $T^2(\rho)$ of B has 
a canonical representative, namely $C_\rho(E)$. These relations all agree on 
shared members of their domains (since they are all subsets of E). Add 
a new top element T and add all pairs $(\rho, T)$ for $T^2(\rho) \in B$ as elements 
to their union to obtain a relation with the correct isomorphism classes 
of immediate components. 

Observation: The membership diagram E in higher types faithfully 
reproduces the membership diagrams in the E relations in lower types. 
Moreover, the E relation in higher types is complete in an obvious 
sense on its copy of the domains of the E relation of lower types: it 
codes all subsets of the domains at lower types, whereas a specific E 
relation cannot code all subsets of its own domain. For example, a 
specific relation E cannot code its own field $Z = \mathrm{fld}(E)$, because it is 
a well-founded relation (a code v for the entire field of E would satisfy 
$v\,E\,v$). But $T``\mathrm{fld}(E)$ is coded (in E of a higher type) from which we 
can see that more sets are coded in higher types. 

3.24.3 The Hierarchy of Ranks of Set Pictures 

We introduce the analogue here of the cumulative hierarchy of sets in the 
usual set theory - without atoms. From this point on we restrict ourselves 
to membership diagrams, though the results for weak membership diagrams 
are quite similar. 

Definition: For any set $A \subseteq \mathrm{fld}(E)$, we define $P(A)$ as the set of elements 
of $\mathrm{fld}(E)$ which code subsets of A. We say that the subset A is complete 
if $P(A)$ contains codes for all subsets of A. Notice that $P(A)$ has the 
same type as A. 

Definition: We define the set of ranks in E as the intersection of all sets H 
such that $\emptyset \in H$, $(\forall h \in H.\, P(h) \in H)$, and $(\forall A \subseteq H.\, \bigcup A \in H)$. 

Theorem: The set of ranks itself contains $\emptyset$, is closed under P and closed 
under unions of sets of ranks. The ranks in E are well-ordered by 
inclusion. 

Theorem: $\mathrm{fld}(E)$ is a rank. 

Definition: Let E denote the inclusion order on ranks in E. Then $E_\alpha$ is a 
general notation for ranks using our convention on ordinal indexing. 

Definition: Let $\gamma$ be the ordinal such that $E_\gamma$ is the first incomplete rank. 

Theorem: $E_{\omega+n}$ is a complete rank in a high enough type for each familiar 
natural number n. 

Theorem: IE^+qI = if E w+Q , is complete. 

The ranks code an iterative process for constructing sets by iterating the 
“power set” construction which may go through stages indexed by infinite 
ordinals. This is reminiscent of how the world of our type theory is con- 
structed, except that we lack the ability (or indeed the need) to pass to 
transfinite levels [3]. 

[3] We will explore further the question as to whether type theory suffers from the lack 
of transfinite levels. But notice that we are able to discuss the transfinite levels of the 
cumulative hierarchy in type theory here, and the possible presence of urelements means 
that the hierarchy will not necessarily be truncated at any definite point as it would be in 
a strongly extensional development of type theory. 

The set pictures are isomorphism classes supporting a T operation, so we 
can introduce type free variables ranging over set pictures using the conven- 
tions introduced above. Each set picture variable needs to be restricted to 
some definite type, which can be viewed as restriction of the variable to some 
set of set picture variables (in higher types) which can in turn be viewed as 
restriction of the variable to the preimage under E of some set picture (if 
we go up one more type so that all elements of the original type are images 
under T so we have completeness). Just as we represented the bounding of 
ordinal variables in types as bounding in the segment determined by an ordi- 
nal variable, we can represent the bounding of set picture variables in types 
or sets within types as a bounding in the preimage of a set picture under E. 

The self-contained theory of set pictures thus obtained is an untyped set 
theory with E as its membership. 

We outline the proofs of some important theorems of this untyped theory. 

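Theorem: For every set picture $\sigma$ and every formula $\phi$, there is a set picture 
$\tau$ such that $(\forall \rho \mathrel{E} \tau.\, \rho \mathrel{E} \sigma)$ and $(\forall \rho \mathrel{E} \sigma.\, \rho \mathrel{E} \tau \leftrightarrow \phi)$. 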

Proof: Our conventions ensure that we work in a type where $\sigma = T(\sigma')$ for 
some $\sigma'$, and the result then follows from theorems given above: the 
image under T of any set of set pictures is coded. 

Theorem: For every set picture $\sigma$, the set of all codes of subsets of the 
preimage of $\sigma$ under E is coded. 

Proof: Just as with the result that cardinal exponentiation is total in the 
untyped theory of cardinals, this is achieved by clever definition of our 
conventions. We stipulate that if any set picture $\sigma$ is mentioned, we 
work in a type high enough that $\sigma = T(\sigma')$ for some $\sigma'$. This ensures 
that any subcollection of the preimage of $\sigma$ under E is coded (the 
burden of the previous theorem) and is further itself also an image 
under T, so the collection of all these subsets is also coded (though it 
is not necessarily an image under T). Note that if we further mention 
this set (for a specific $\sigma$) we bump ourselves into a yet higher type (so 
we can iterate this “power set” operation any concrete finite number 
of times). 

4 Untyped theory of sets 

In this section we introduce the usual untyped set theories (Zermelo set 
theory and the stronger ZFC) and relate them to type theory. We present 
the view that untyped set theory can be interpreted as the theory of set 
pictures (isomorphism types of certain well-founded extensional relations), 
which should already be suggested by the treatment at the end of the previous 
section. 

Further, we strongly criticize the idea that the axioms of Zermelo set 
theory are somehow essentially ad hoc, as is often suggested (this is stated 
with great confidence so often as to be cliche). There are some odd features 
of the earliest form of the axioms, which reflect the fact that they appear 
early in the process of understanding what can be done with set theory, but 
Zermelo set theory is very close to being exactly the abstract theory of set 
pictures, and this is not ad hoc. 

In untyped set theory there is only one kind of object - sets. There may 
also be atoms if extensionality is weakened to allow them but they will not 
be an essentially different sort (type) of object. Though this may seem to be 
quite a different kind of theory, we will see that the usual untyped set theory 
is not so distantly related to the typed theory of sets we have developed as 
you might think. 

4.1 The original system of Zermelo 

The first modern axiomatic system of set theory was proposed by Zermelo 
in 1908. It is even older than the first publication of the famous Principia 
Mathematica of Russell and Whitehead, though not as old as Russell’s first 
proposal of the theory of types. 

The axioms differ somewhat from those in modern treatments. In this 
theory, we have primitive predicates of membership and equality, and all 
objects are of the same sort (there are no type restrictions in our language). 

Extensionality: Sets with the same elements are the same. It appears that 
Zermelo may allow atoms (non-sets) in his original formulation, but we 
will assume here that all objects are sets. 

Elementary Sets: The empty set $\emptyset$ exists. For any objects x and y, $\{x\}$ 
and $\{x, y\}$ are sets. 

Separation: For any property $\phi[x]$ and set A, the set $\{x \in A \mid \phi[x]\}$ exists. 

Power Set: For any set A, the set $\{B \mid B \subseteq A\}$ exists. The definition of 
$A \subseteq B$ is the usual one. 

Union: For any set A, the set $\bigcup A = \{x \mid (\exists y \in A.\, x \in y)\}$ exists. 

Infinity: There is a set I such that $\emptyset \in I$ and $(\forall x.\, x \in I \rightarrow \{x\} \in I)$. 

Choice: Any pairwise disjoint collection of nonempty sets has a choice set. 

We give some discussion of the axioms. 

We will assume strong extensionality (objects with the same elements are 
equal), as is now usual, but note that Zermelo was prepared to allow non- 
sets with no elements. In type theory we use a weaker form of extensionality 
because the strong form of extensionality imposes a strong restriction on how 
large the universe of our type theory can be; in Zermelo set theory this is 
not the case. 

The axiom of elementary sets is more complicated than is necessary. The 
separate provision of the singleton set is not made in the modern treatment, 
as $\{x\} = \{x, x\}$ exists if we merely assert the existence of unordered pairs, 
and Separation and Infinity together imply the existence of the empty set 
($\emptyset = \{x \in I \mid x \neq x\}$). 

Zermelo did not know that the ordered pair could be defined by 
$(x, y) = \{\{x\}, \{x, y\}\}$, but note that the ordered pair (now in the Kuratowski form) 
is provided by the axiom of elementary sets. 

The axiom of separation does not appear to imply any paradoxes. We 
attempt the Russell argument: define $R_A = \{x \in A \mid x \notin x\}$. Observe that 
$R_A \in R_A \leftrightarrow R_A \in A \wedge R_A \notin R_A$. This would only lead to contradiction 
if $R_A \in A$, so we conclude $R_A \notin A$, whence we conclude that there is no 
universal set (for every set A we have specified a set $R_A$ which cannot belong 
to it). 

The axiom of power set and the axiom of union define familiar 
constructions. Note that $x \cup y$ can be defined as $\bigcup\{x, y\}$. 
$x \cap y = \{z \in x \mid z \in y\}$ and $x - y = \{z \in x \mid z \notin y\}$ are provided by 
Separation alone. Complements do not exist for any set. The cartesian 
product $A \times B$ is definable as 
$\{c \in \mathcal{P}^2(A \cup B) \mid (\exists ab.\, a \in A \wedge b \in B \wedge c = (a, b))\}$. 

For Zermelo the natural numbers were coded as iterated singletons of the 
empty set. Given the set I provided by the axiom of infinity, and terming 
sets containing $\emptyset$ and closed under singleton “Zermelo-inductive” sets, we 
can define $\mathbb{N}$ as $\{n \in I \mid n \text{ belongs to all Zermelo-inductive sets}\}$. 

In a modern treatment, the von Neumann successor $x^+$ is defined as 
$x \cup \{x\}$, and the axiom of infinity asserts that there is a set which contains 
the empty set and is closed under the von Neumann successor operation. It 
is interesting to observe that neither form of the axiom of infinity implies the 
other in the presence of the other Zermelo axioms (though they are equivalent 
in the presence of the axiom of replacement). 

It is remarkable that in spite of the fact that Zermelo did not know how 
to code the general theory of relations and functions into set theory (lacking 
an ordered pair definition) he was able to prove the Well-Ordering Theorem 
from the Axiom of Choice in his 1908 paper. Some day I have to look at how 
he did it! 

The axioms of Foundation and Replacement which complete the modern 
set theory ZFC were later developments. 

We describe a minimal model of Zermelo set theory. The domain of this 
model is the union of the sets $\mathcal{P}^i(\mathbb{N})$. It is important to note that the Zermelo 
axioms give us no warrant for believing that this sequence of sets make up a 
set. Extensionality certainly holds in this structure. The empty set belongs 
to $\mathbb{N}$, so is certainly found in this structure. It is useful at this point to note 
that $\mathbb{N} \subseteq \mathcal{P}(\mathbb{N})$ (each Zermelo natural number is a set of Zermelo natural 
numbers, 0 being the empty set and n + 1 being $\{n\}$); since $A \subseteq B$ obviously 
implies $\mathcal{P}(A) \subseteq \mathcal{P}(B)$, we have (by repeated application) 
$\mathcal{P}^i(\mathbb{N}) \subseteq \mathcal{P}^{i+1}(\mathbb{N})$ and so $\mathcal{P}^i(\mathbb{N}) \subseteq \mathcal{P}^j(\mathbb{N})$ if $i < j$. The iterated 
power sets of the set of natural numbers whose union is our structure are 
nested. For any x and y in the structure, there are m and n such that 
$x \in \mathcal{P}^m(\mathbb{N})$ and $y \in \mathcal{P}^n(\mathbb{N})$: both x and y belong to $\mathcal{P}^{m+n}(\mathbb{N})$, and so 
$\{x, y\} \in \mathcal{P}^{m+n+1}(\mathbb{N})$: the structure satisfies the axiom of elementary sets. 
If $A \in \mathcal{P}^i(\mathbb{N})$, then $\mathcal{P}(A) \in \mathcal{P}^{i+1}(\mathbb{N})$. If $A \in \mathcal{P}^i(\mathbb{N})$ (for $i > 0$), then 
$\bigcup A \in \mathcal{P}^{i-1}(\mathbb{N})$: the restriction to positive i is no real restriction because 
$\mathbb{N} \subseteq \mathcal{P}(\mathbb{N})$. Infinity obviously holds since $\mathbb{N}$ belongs to the structure. If it 
is supposed that Choice holds in the whole universe it certainly holds in 
this structure, as a choice set for a partition in $\mathcal{P}^{i+1}(\mathbb{N})$ will belong to 
$\mathcal{P}^{i}(\mathbb{N})$. 

Notice the similarity between the role of iterated power sets of the natural 
numbers in our description of this structure and types in the theory of the 
previous section. The only difference is that the analogues of types here are 
cumulative. 

4.1.1 Exercises 


1. We define $x^+$ as $x \cup \{x\}$. We use the modern form of the Axiom of 
Infinity: there is a set which contains $\emptyset$ and is closed under $x \mapsto x^+$. 
We implement 0 as $\emptyset$, and if the natural number n is implemented as 
the set x, n + 1 is implemented as $x^+$. 

We define N as the intersection of all sets which contain 0 and are 
closed under successor. Explain how we can show that this set exists 
using the axioms of infinity and separation. 

Show that the axioms of Peano arithmetic are satisfied in this 
implementation of N. Proofs of axioms 1, 2, 3, 5 should be very 
straightforward. 

Axiom 4 requires you to show that $x \cup \{x\} = y \cup \{y\}$ implies x = y for 
all $x, y \in N$. Show this using the axioms of Zermelo set theory (without 
Foundation). 

Hints: how do you prove anything about natural numbers? You can 
begin as an exercise by proving that for no natural number n is $n \in n$ 
true, by induction of course. This is similar to the fact about natural 
numbers you need to prove to establish Axiom 4. I will give more 
explicit hints if you visit me with work in progress. 

2. Write a proof in Zermelo set theory with the modern form of the Axiom 
of Infinity (and without Foundation) that no natural number is an 
element of itself. This will of course be an induction proof using the 
definitions $0 = \emptyset$; $n + 1 = n^+ = n \cup \{n\}$. Intense attention to “obvious” 
detail is needed at this level. Hint: it will be useful (and easy) to prove 
first (by induction of course) that all natural numbers are transitive. 

Even more of a hint: the induction step looks like this. Suppose $n \notin n$. 
Our goal is to show $n + 1 = n \cup \{n\}$ is not an element of itself. Suppose 
otherwise for the sake of a contradiction. We suppose, that is, that 
$n + 1 \in n + 1 = n \cup \{n\}$. So either $n + 1 \in n$ (something bad happens. . .) 
or $n + 1 = n$ (something bad happens. . .). 

4.2 The intended interpretation of Zermelo set theory in set pictures; the Axiom of Rank; transitive closures and Foundation 

Our intention in this section is to show how Zermelo set theory can be inter- 
preted in subsets of the set Z of set pictures with the relation E standing in 
for membership, and to observe that when Zermelo set theory is implemented 
in this way certain additional axioms hold which make the system easier to 
work with. 

Any sentence of the language of untyped set theory can be translated 
into a sentence of our type theory by replacing each occurrence of $\in$ with the 
relation E and bounding each quantifier in the set Z (all in some fixed type). 
In fact, instead of bounding it in Z, we bound it in $E_\lambda$, where $\lambda > \omega \cdot 2$ is 
a limit ordinal. We assume that each rank below rank $\lambda$ is complete, so we 
are assuming at least the existence of 

We claim that (under the assumption that all types below $\lambda$ are complete), 
the translations of the axioms of Zermelo set theory into the language of type 
theory are true, so we have a way to understand untyped set theory in terms 
of our type theory. 

Extensionality: Sets with the same elements are the same. It appears that 
Zermelo may allow atoms (non-sets) in his original formulation, but we 
will assume here that all objects are sets. 

Verification of Extensionality: This follows from the fact that E is a 
membership diagram, and so an extensional relation (and the fact that 
E end extends the restriction of E to any $E_\lambda$; the preimage of any 
element of the field of the restriction under the restriction is the same as 
its preimage under E itself, so extensionality of E implies extensionality 
of the restriction). 

Elementary Sets: The empty set $\emptyset$ exists. For any objects x and y, {x} 
and {x, y} are sets. 

Verification of Elementary Sets: The equivalence class of the empty set 
diagram belongs to $E_\lambda$ and has empty preimage under E, so satisfies the 
translation of the properties of the empty set. Let $a, b \in E_\lambda$. $a \in E_\alpha$ and 
$b \in E_\beta$ for some $\alpha, \beta < \lambda$. Because $\lambda$ is limit, $\max(\alpha, \beta) + 1 < \lambda$, and 
since $E_{\max(\alpha,\beta)}$ is a complete rank, $\{a, b\}$ has an $E$-code in 
$E_{\max(\alpha,\beta)+1} \subseteq E_\lambda$. 

Separation: For any property $\phi[x]$ and set A, the set $\{x \in A \mid \phi[x]\}$ exists. 

Verification of Separation: Any $A \in E_\lambda$ belongs to some rank $E_{\alpha+1}$ for 
$\alpha < \lambda$ (every element of Z first appears in a successor rank). The 
formula $\phi[x]$ translates to a formula $\Phi[x]$ in the language of type theory. 
The set $\{x \in E_\alpha \mid x \mathrel{E} A \wedge \Phi[x]\}$ exists by comprehension in type theory 
and has an $E$-code in $E_{\alpha+1}$ because $E_\alpha$ is a complete rank. 

Power Set: For any set A, the set $\{B \mid B \subseteq A\}$ exists. The definition of 
$A \subseteq B$ is the usual one. 

Verification of Power Set: Any $A \in E_\lambda$ belongs to some rank $E_{\alpha+1}$ for 
$\alpha < \lambda$ (every element of Z first appears in a successor rank). $\alpha + 1$ 
and $\alpha + 2$ are also less than $\lambda$ because $\lambda$ is limit. The translation of 
$B \subseteq A$ asserts that the $E$-preimage of B is a subset of the $E$-preimage 
of A. Each B whose $E$-preimage is a subset of the $E$-preimage of A 
also belongs to $E_{\alpha+1}$ (because each element of its $E$-preimage belongs 
to $E_\alpha$ and $E_\alpha$ is complete), so the set of all such B has an $E$-code in 
$E_{\alpha+2}$, because $E_{\alpha+1}$ is complete. 

Union: For any set A, the set $\bigcup A = \{x \mid (\exists y \in A.\, x \in y)\}$ exists. 

Verification of Union: Any $A \in E_\lambda$ belongs to some rank $E_{\alpha+1}$ for $\alpha < \lambda$ 
(every element of Z first appears in a successor rank). The translation 
of $(\exists y \in A.\, x \in y)$ into the language of type theory asserts that x is in 
the $E|E$-preimage of A, which is a subset of $E_\alpha$, so has an $E$-code in 
$E_{\alpha+1}$, because $E_\alpha$ is complete. 

Infinity: There is a set I such that $\emptyset \in I$ and $(\forall x.\, x \in I \rightarrow \{x\} \in I)$. 

Verification of Infinity: Define a relation on the ordinals $< \omega$ by 
$x\,R\,y \leftrightarrow y = x + 1 \vee y = \omega$. The isomorphism type of this relation is the 
implementation of I. 

Choice: Any pairwise disjoint collection of nonempty sets has a choice set. 

Verification of Choice: The translation of the property “A is a pairwise 
disjoint collection of nonempty sets” into the language of type theory 
is “P is an element of $E_\lambda$ such that the $E$-preimages of the elements of 
its $E$-preimage are nonempty and disjoint”. $P \in E_\lambda$ belongs to some 
rank $E_{\alpha+1}$ for $\alpha < \lambda$. Each element of the $E$-preimage of an element of 
the $E$-preimage of P belongs to $E_\alpha$. By the Axiom of Choice in type 
theory, the pairwise disjoint collection of nonempty $E$-preimages of the 
elements of the $E$-preimage of P has a choice set, which is a subset of 
$E_\alpha$, so has an $E$-code because $E_\alpha$ is a complete rank. 

Furthermore, the translation of the axioms of Zermelo set theory into the 
theory of all set pictures expressed with type-free set picture variables are 
true, with a qualification, for essentially the same reasons given above. The 
qualification is that Separation will only work for formulas in which every 
quantifier is bounded in a set, because we cannot translate sentences which 
do not have this property from the language of type-free set picture variables 
back into the language of type theory. The version of Zermelo set theory with 
this restriction on Separation is called “bounded Zermelo set theory” or “Mac 
Lane set theory”, the latter because Saunders Mac Lane has advocated it as 
a foundational system. Notice that the translation of Mac Lane set theory 
into the type-free theory of set pictures does not require the assumption that 
$\beth_\omega$ exists: the only axiom that requires that $\lambda$ be limit in the development 
above is Power Set, and the verification of the translation of Power Set in the 
theory of all set pictures is given at the end of the previous section (basically, 
one can introduce the “power set” of any particular “set” one mentions by 
working in a higher type). 

We state an additional axiom which holds in both the implementations 
of Zermelo set theory given here, but which fails to hold in some eccentric 
models of Zermelo set theory. This axiom expresses the idea that every 
element of $E_\lambda$ belongs to some rank $E_\alpha$. 

Observation: The Kuratowski pair {{x}, {x, y}} of two sets x and y is easily 
seen to be a set, and the proof that this is a pair goes much as in type 
theory. We can then define relations (and in particular well-orderings) 
just as we did in type theory. 

Definition: A subhierarchy is a set H which is well-ordered by inclusion and 
in which each successor in the inclusion order on H is the power set of 
its predecessor and each limit in the inclusion order on H is the union 
of all its predecessors in that order. A rank is a set which belongs to 
some subhierarchy. 

Theorem: Of any two distinct subhierarchies, one is an initial segment of the 
other in the inclusion order. So all ranks are well-ordered by inclusion. 

Axiom of Rank: Every set is a subset of some rank. 

Verification of the Axiom of Rank: Each $A \in E_\lambda$ belongs to some $E_\alpha$, 
$\alpha < \lambda$. Each $E_\alpha$ has an $E$-code, which we will call $V_\alpha$, because it is a 
complete rank. For any $\beta$, $\{V_\alpha \mid \alpha < \beta\}$ has an $E$-code, which we will 
call $H_\alpha$, because it is a subset of $E_{\beta+1}$. It is straightforward to verify 
that $H_\alpha$ satisfies the stated properties for a subhierarchy (translated 
into the language of type theory), whence we have the translation of 
“$V_\alpha$ is a rank”, and “$A \subseteq V_\alpha$”, so the translation of “A is a subset of 
some rank” holds. 

The Axiom of Rank has many useful consequences. We give two of them 
here. 

Definition: We say that a set $A$ is transitive iff $(\forall x \in A.(\forall y \in x.y \in A))$.
It is worth noting that a set is transitive (in our interpretation in type 
theory) iff any set diagram belonging to the set picture implementing 
A is a transitive relation. 

Theorem: Every set is included in a transitive set. 

Proof: It is straightforward to prove by transfinite induction along the
inclusion order that all ranks are transitive. By the Axiom of Rank every
set is included in a rank. 

Definition: For any set $A$, we define $r_A$ as the minimal rank in the inclusion
order including $A$ as a subset. We define TC(A), the transitive closure
of $A$, as $\{x \in r_A \mid$ every transitive set including $A$ includes $x\}$. This
exists by Separation and is the minimal transitive set in the inclusion 
order which includes A as a subset. TC({A}), which also contains A as 
an element, will sometimes be of more interest. 

Observation: That sets have transitive closures is not provable in Zermelo 
set theory as originally formulated. The usual proof in ZFC requires the 
very powerful Axiom of Replacement. This is deceptive, as Zermelo set 
theory with the Axiom of Rank is not essentially stronger than Zermelo 
set theory (it is possible to interpret the latter in the former), while 
the Axiom of Replacement makes Zermelo set theory far stronger. 

Theorem (the Axiom of Foundation): Every set A has an element x
such that x is disjoint from A.

Proof: Let r be the minimal rank in the inclusion order which includes an
element of A as an element, and let $x \in r \cap A$. Each element of x
belongs to a rank properly included in r, so x is disjoint from A.

The Axiom of Foundation is frequently (anachronistically) adjoined to 
Zermelo set theory as an additional axiom. 

We observed above that the modern form of the Axiom of Infinity and the 
original form do not imply each other in the presence of the other axioms. 
They do imply each other in the presence of the Axiom of Rank. For the 
Axiom of Rank, combined with the existence of any infinite set, implies 
that there is a minimal infinite rank $V_\omega$ in the inclusion order, and both
the Zermelo natural numbers and the von Neumann natural numbers are
definable subsets of $V_\omega$ (since all of the elements of either are clearly of finite
rank). It is also amusing to note that the Axioms of Pairing and Union can
be omitted in the presence of the Axiom of Rank: $\{a, b\}$ can be derived using
Separation as a subset of the power set of $r_a \cup r_b$ (this binary set union exists
because it is actually one of the ranks $r_a$ and $r_b$), and $\bigcup A$ can be derived
using Separation as a subset of TC(A).

4.3 Developing mathematics in Zermelo set theory

In this section we develop basic mathematical constructions in Zermelo set 
theory. 

We begin with a very basic

Theorem: $(\forall A.(\exists x.x \notin A))$

Proof: This theorem follows from Separation alone. Consider
$R_A = \{x \in A \mid x \notin x\}$. Suppose $R_A \in A$. It follows that
$R_A \in R_A \leftrightarrow R_A \notin R_A$.

Since it follows from Foundation that $x \notin x$ for any $x$, it further follows
from Zermelo set theory with the Axiom of Rank that $R_A = A$ for all $A$.

It is a fundamental characteristic of Zermelo set theory (and of all stronger 
theories) that there are no very big sets (such as the universe V). Many 
mistake this for a fundamental characteristic of set theory. 

We want to implement relations and functions. Here it is very convenient 
to work with the Kuratowski pair. 

Definition: (x, y) = {{x}, {x, y}}

Theorem: For any sets x and y, (x,y) is a set. 

This theorem is not enough by itself to ensure that we can use the Kura- 
towski pair to get an adequate theory of relations. 

Definition: $A \cup B = \bigcup\{A, B\}$

Theorem: $A \cup B$ exists for any sets A and B (this is clear from the form of
the definition). $A \cup B = \{x \mid x \in A \vee x \in B\}$. Notice that the latter
definition, which we used as the primary definition in type theory, is
not guaranteed to define a set by Separation.

Definition: $A \cap B = \{x \in A \mid x \in B\}$; $A - B = \{x \in A \mid x \notin B\}$. If A is a
set and $B \in A$, $\bigcap A = \{x \in B \mid (\forall a \in A.x \in a)\}$.

Theorem: For any sets A and B, $A \cap B$ and $A - B$ exist. This is obvious
from the forms of the definitions. If A is nonempty, $\bigcap A$ exists and the
definition of the set does not depend on the choice of the element B.

Definition: $A \times B = \{x \in \mathcal{P}^2(A \cup B) \mid (\exists a \in A.(\exists b \in B.x = \{\{a\}, \{a, b\}\}))\}$.

Theorem: $A \times B$ exists for all sets A and B. $A \times B = \{(a, b) \mid a \in A \wedge b \in B\}$.
The existence of $A \times B$ is obvious from the form of the definition. The
trick is to notice that any pair $(a, b) = \{\{a\}, \{a, b\}\}$ with $a \in A$ and
$b \in B$ actually belongs to $\mathcal{P}^2(A \cup B)$, because $\{a\}$ and $\{a, b\}$ both
belong to $\mathcal{P}(A \cup B)$.

Definition: A relation is a set of ordered pairs. We define $x\,R\,y$ as $(x, y) \in R$.

Observation: Just as in type theory, not every logical relation is a set rela- 
tion. For example, the logical relation of equality is not implemented 
as a set, because $Q = \{(x, y) \mid x = y\}$ would have the unfortunate
property $\bigcup^2 Q = V$, the universal set, which we know does not exist.
For similar reasons, membership and inclusion are not set relations. 

Definition: For any relation R, we define fld(R) as $\bigcup^2 R$, dom(R) as

$\{x \in \mathrm{fld}(R) \mid (\exists y.(x, y) \in R)\}$,

and rng(R) as

$\{y \in \mathrm{fld}(R) \mid (\exists x.(x, y) \in R)\}$.

Theorem: The field, domain, and range of a relation R are sets. This is
evident from the forms of the definitions. That they are the intended sets
is evident from the fact that if $(x, y) \in R$ then $x, y \in \bigcup^2 R$. Moreover,
$\mathrm{fld}(R) = \mathrm{dom}(R) \cup \mathrm{rng}(R)$ and $R \subseteq \mathrm{dom}(R) \times \mathrm{rng}(R) \subseteq \mathrm{fld}(R)^2$.
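
The definitions of A x B, fld(R), dom(R) and rng(R) above can be checked mechanically on small hereditarily finite sets. The following Python sketch is an added example, not part of the original notes; the helper names (powerset, big_union, kpair, product) and the sample sets A, B, R are constructed here for illustration.

```python
from itertools import chain, combinations


def powerset(s):
    """P(s): the set of all subsets of s."""
    items = list(s)
    subsets = chain.from_iterable(
        combinations(items, k) for k in range(len(items) + 1))
    return frozenset(frozenset(c) for c in subsets)


def big_union(s):
    """Union of the elements of s (each element must itself be a set)."""
    return frozenset(chain.from_iterable(s))


def kpair(x, y):
    """Kuratowski pair (x, y) = {{x}, {x, y}}."""
    return frozenset({frozenset({x}), frozenset({x, y})})


def product(A, B):
    """A x B cut out of P^2(A u B) by Separation, as in the definition."""
    ambient = powerset(powerset(A | B))
    return frozenset(
        x for x in ambient
        if any(x == kpair(a, b) for a in A for b in B))


def fld(R):
    """fld(R) is the double union of R."""
    return big_union(big_union(R))


def dom(R):
    # The quantifier over y in the text is unbounded; ranging over fld(R)
    # is enough, because (x, y) in R forces y into the double union of R.
    f = fld(R)
    return frozenset(x for x in f if any(kpair(x, y) in R for y in f))


def rng(R):
    f = fld(R)
    return frozenset(y for y in f if any(kpair(x, y) in R for x in f))


# Constructed sample data: the first three von Neumann naturals as pure sets.
ZERO = frozenset()
ONE = frozenset({ZERO})
TWO = frozenset({ZERO, ONE})
A = frozenset({ZERO, ONE})
B = frozenset({ONE, TWO})
R = frozenset({kpair(ZERO, ONE), kpair(ONE, TWO)})  # a sample relation

if __name__ == "__main__":
    print(len(powerset(powerset(A | B))), "candidates in P^2(A u B)")
    print(len(product(A, B)), "of them are pairs (a, b), a in A, b in B")
    print("fld = dom u rng:", fld(R) == dom(R) | rng(R))
    print("R <= dom x rng <= fld^2:",
          R <= product(dom(R), rng(R)) <= product(fld(R), fld(R)))
```

Separation needs the ambient set $\mathcal{P}^2(A \cup B)$ only to bound the comprehension; the filter keeps 4 of its 256 elements for the sample A and B.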

Once we have verified that we have an adequate foundation for the the- 
ory of relations, we can import definitions and concepts wholesale from type 
theory, always subject to the limitation that we cannot construct very large 
collections. For example we cannot define cardinals, ordinals, or general 
isomorphism types as equivalence classes under equinumerousness or isomor- 
phism, because equinumerousness, isomorphism, and most of their equiva- 
lence classes are not sets. 

In Zermelo set theory as originally formulated, there is no uniform
solution to this problem. However, in Zermelo set theory with the Axiom of
Rank we have a formal device to remedy this lack, known as “Scott’s trick”. 

Definition: For any formula $\phi[x]$, define $r_{\phi[x]}$ as the minimal rank $r$ such
that $(\exists x \in r.\phi[x])$, or as the empty set if there is no such rank $r$. Define
$\{x : \phi[x]\}$ as $\{x \in r_{\phi[x]} \mid \phi[x]\}$. $\{x : \phi[x]\}$ is obviously a set for all
formulas $\phi[x]$.

Definition: $A \sim B$ iff there is a bijection from A onto B, as in type theory.
$|A|$, the Scott cardinal of A, is defined as $\{B : B \sim A\}$. For any
relations R and S, we say that $R \sim S$ iff there is a bijection $f$ from
fld(R) onto fld(S) such that $x\,R\,y \leftrightarrow f(x)\,S\,f(y)$. We define the Scott
isomorphism type of R as $\{S : S \sim R\}$. Scott isomorphism types of
well-orderings are called Scott order types (of the well-orderings: ot(W)
is the Scott order type of a well-ordering W) or Scott ordinal numbers
(as a class).

Now that we have defined ordinals we can define the notation $V_\alpha$.

Definition: For any subhierarchy $h$, introduce the nonce notation $<_h$ for
the inclusion order restricted to $h$. If $\alpha$ is an ordinal we define $V_\alpha$ as
the rank $A$ (if there is one) such that $\mathrm{ot}((<_h)_A) = \alpha$ for any $<_h$ with
$A$ in its field. It is straightforward to show that $\mathrm{ot}((<_h)_A)$ is the same
ordinal for any $<_h$ with $A$ in its field, and that $A$ is uniquely determined
by $\alpha$.

In Zermelo set theory with the Rank Axiom we can prove that every set 
belongs to some $V_\alpha$ but we cannot prove the existence of $V_{\omega \cdot 2}$. But we do
have the ability to define order types for every well-ordering and cardinals 
for every set using the Scott definitions. 

These are not the definitions of cardinal and ordinal number which are 
usually used in ZFC. We give those definitions (due to von Neumann) but 
they have the limitations that they do not necessarily work in Zermelo set
theory without Replacement (not all well-orderings can be shown to have 
order types, nor can all sets be shown to have cardinals) and the von Neu- 
mann definition of cardinal depends essentially on the Axiom of Choice, as 
the Scott definition does not. 

Definition: A (von Neumann) ordinal number is a transitive set which is
strictly well-ordered by the membership relation. 

Observation: In our implementation of Zermelo set theory in set pictures,
a von Neumann ordinal number $\alpha$ is implemented by the isomorphism
type of strict well-orderings of type $\alpha + 1$ (except for 0, which is
implemented by the order type of the usual empty order). In $E_{T^2(\lambda)}$, only
the ordinals less than $\lambda$ are implemented in this way. If $\lambda = \omega \cdot 2$, this
definition is not useful: the only infinite well-orderings with order types
are of the form $\omega + n$, but there are much longer order types that are
realized (such as $\omega_1$). A hypothesis adequate to make this definition
useful is “$\beth_{T^2(\lambda)}$ exists for each ordinal $\lambda$” in the ambient type theory.
The Axiom of Replacement of ZFC makes this definition usable (and 
is much stronger). 

Definition: The (von Neumann) order type of a well-ordering W is the
von Neumann ordinal $\alpha$ such that the union of the restrictions of the
membership and equality relations on $\alpha^2$ is isomorphic to W.

Definition: The (von Neumann) cardinality of a set A is the smallest von 
Neumann ordinal which is the order type of a well-ordering of A. 

We make a general claim here that mathematical results can be imported 
from type theory to untyped set theory. It is useful to give a uniform account 
of how such a general claim can be justified (which also makes it clear exactly 
what is claimed). 

Just as we can translate the language of Zermelo set theory into the 
language of type theory in a way which makes the axioms true, so we can 
translate the language of type theory into the language of untyped set theory 
in a way which makes the axioms true - and so makes all the theorems true. 

Let $\phi$ be a formula of the language of type theory mentioning n types.
Let $X_0, X_1, \ldots, X_{n-1}$ be a sequence of sets such that $\mathcal{P}(X_i) \subseteq X_{i+1}$ for each
appropriate index $i$. The translation $(\phi)_X$ is defined as follows: each
quantifier over type $i$ is restricted to $X_i$. Each formula $x \in y$, where x is of type
$i$ and y is of type $i + 1$, is translated as $x \in y \wedge y \in \mathcal{P}(X_i)$ (elements of
$X_{i+1} - \mathcal{P}(X_i)$ are interpreted as urelements); formulas of the form x = y are
interpreted as x = y. Such a translation is also feasible if there is an infinite
sequence with the same properties, but it is not a theorem of Zermelo set
theory that there are such sequences. A specific version which we will write
$[\phi]_X$ has $X_i = \mathcal{P}^i(X)$ for a fixed set $X$: a nice feature of this version is that
we can generate as many terms of the sequence as we need in a uniform way.
It is straightforward to verify that as long as $X_0$ is infinite the translations of
all axioms of type theory into the language of untyped set theory are true. It
can further be noted that expressions T representing sets in the language of
type theory will also have translations $(T)_X$ where X is a sequence or $[T]_X$
where X is a set.

This makes a wide class of mathematical assertions readily portable from 
type theory to set theory. For example, all of our assertions about cardinal 
and ordinal arithmetic have readily determined analogues in untyped set 
theory. 

4.4 Digression: Interpreting typed set theory as Mac
Lane set theory 

Mac Lane set theory (untyped set theory with the boundedness restriction 
on the Axiom of Separation) can be interpreted in typed set theory with 
strong extensionality, using our entire universe of typed objects. We begin 
by postulating an operator $J$ which is injective ($J(x) = J(y) \to x = y$) and
sends type 0 objects to type 1 objects. An example of such an operator is
the singleton operator $\iota$. Any such $J$ can be thought of as implemented by a
function $\iota“V^0 \to V^1$.

We now indicate how to extend the $J$ operator to all types. If $J$ is
defined for type n objects we define $J(x^{n+1})$ as $\{J(y^n) \mid y^n \in x^{n+1}\}$. Briefly,
$J(x) = J“x$. It is easy to see that $J$ is injective on every type: we have
$J(x) = J(y) \leftrightarrow x = y$, no matter what the common type of x and y. By the
definition of $J$ at successive types, we further have $J(x) \in J(y) \leftrightarrow x \in y$, no
matter what the successive types of x and y.

In our interpretation of untyped set theory, we identify every object x of
whatever type with each of its iterated images $J^n(x)$ under the $J$ operator:
in this way each type n is seen to be embedded in type n + 1. If x is of type
m and y is of type n, we have x = y in the interpretation iff $J^n(x) = J^m(y)$
(note that both of these terms are of the same type m + n) and we have
$x \in y$ in the interpretation iff $J^n(x) \in J^{m+1}(y)$ (in which the terms have
successive types m + n and m + n + 1). Notice that if x and y are of the
same type n, $J^n(x) = J^n(y) \leftrightarrow x = y$, and if x and y are of successive types
n and n + 1, $J^{n+1}(x) \in J^{n+1}(y) \leftrightarrow x \in y$: where equality and membership
make sense in type theory, they coincide with equality and membership in
the typed theory.

If x, y, z have types m, n, p, and we have x = y and y = z, we have
$J^n(x) = J^m(y)$ and $J^p(y) = J^n(z)$. Further applications of $J$ to both sides of
these formulas show that transitivity of equality works: $J^{n+p}(x) = J^{m+p}(y)$
and $J^{m+p}(y) = J^{m+n}(z)$ are implied by the previous equations and imply
$J^{n+p}(x) = J^{m+n}(z)$, which in turn by injectivity of $J$ implies $J^p(x) = J^m(z)$
which is the interpretation of x = z. Reflexivity and symmetry of equality
present no difficulties. The substitution property of equality requires some 
technical detail for its verification which we do not (NOTE: yet) give here. 

We verify that some of the axioms of Mac Lane set theory hold in this 
interpretation. 

We discuss the Axiom of Extensionality. Suppose that x is of type n 
and y is of type n + k. If k = 0 and x and y have the same elements, then
x = y by the axiom of extensionality of type theory. Otherwise, if for all z
of type m we have $z \in x$ iff $z \in y$ in the interpreted theory, this means we
have $J^n(z) \in J^m(x)$ iff $J^{n+k}(z) \in J^m(y)$, and further $J^{n+k}(z) \in J^{m+k}(x)$,
whence $J^m(y) = J^{m+k}(x)$, whence $J^n(y) = J^{n+k}(x)$, whence x = y in the
interpretation, which is what is wanted.

Now we discuss the Axiom of Bounded Separation. We want to show the
existence of $\{x \in A \mid \phi[x]\}$ in the untyped theory, where $\phi$ is a formula in
membership and equality (it should not mention the predicate of typehood,
which does not translate to anything in the language of type theory, though
of course it may mention specific types); we suppose that every quantifier in
$\phi[x]$ is restricted to a set. Assign referents to each free variable appearing in
$\{x \in A \mid \phi[x]\}$, then assign each bound variable the type one lower than that
assigned to the set to which it is restricted (A in the case of x, the bound
on the quantifier in the case of quantified sets; if the bound is type 0, make
the variable type 0 as well), then apply our interpretation of the untyped
language in the typed language (adding applications of $J$ to variables in such
a way as to make everything well-typed). For example, $\{x \in A \mid x \notin x\}$
would become $\{x \in A \mid x \notin J(x)\}$, with x being assigned type one lower
than that assigned to A (unless A was assigned a referent of type 0, in which
case we would have $\{x \in J(A) \mid x \notin J(x)\}$). The resulting set abstract exists
in our typed theory and has the right extension in the interpretation. If there 
were unbounded quantifiers in $\phi[x]$, there would be no way to interpret them
in terms of our typed theory, which does not allow any way to quantify over 
objects of all types. 

(NOTE: more axioms to be supplied. Rank will not necessarily hold 
here; the form of infinity which holds depends on the exact form of J. This 
development is more ad hoc and more closely related to the original form(s) 
of Zermelo set theory). 

Something like this interpretation can also be carried out in the version 
of type theory with weak extensionality. We detail the modifications of the 
construction. 

The operation J must be defined at atoms in each positive type. J is 
defined on type 0 as an injective operation raising type by 1, as above. If 
J is defined on type n objects, we define it on type n + 1 sets as before:
$J(x^{n+1}) = J“(x^n)$. There are no more than $T|V^{n+1}|$ elementwise images
under J in type n + 2: since $T|V^{n+1}| < |\mathcal{P}(V^{n+1})|$ by Cantor’s theorem,
we can choose as many distinct further elements of $\mathcal{P}(V^{n+1})$, i.e., sets in
$V^{n+2}$, as we need as images of the type n + 1 atoms under J. The result
$x \in y \leftrightarrow J(x) \in J(y)$ now holds only if y is a set, and for this reason we
modify the interpretation of $x \in y$ in the untyped theory (where x and y have
types m and n respectively in type theory) to $J^{n+1}(x) \in J^{m+1}(y)$: if x were of
type 0 and y were an urelement of whatever type the original interpretation
$J^n(x) \in J^m(y)$ would not work correctly.

4.5 The von Neumann definitions of ordinal and
cardinal number

We introduced the perhaps mysterious traditional definition of ordinal
number due to von Neumann above:

Definition: An ordinal number is a transitive set $A$ which is strictly
well-ordered by membership (i.e., the restriction of the membership relation
to $A \times A$ is the strict partial order corresponding to a well-ordering).
Or “a transitive set of transitive sets none of which are self-membered”.

Observation: This seems to be equivalent to “x is an ordinal iff x is a
transitive set, no element of x is self-membered, and x is well-ordered
by inclusion”. This has the merit that our preferred definition of
well-ordering is used. Let x be an ordinal by this definition. For each $y \in x$,
and each $z \in y$, we have $z \in x$ because x is transitive, so we have either
$z \subseteq y$ or $y \subseteq z$. But $y \subseteq z$ is impossible because this would imply
$z \in z$.
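
The equivalence suggested in the Observation can be tested exhaustively on a finite rank. The following Python sketch is an added example, not part of the original notes: it compares the three formulations of "ordinal" given above on every element of $V_5$. The function names are constructed for illustration, and because Python frozensets are automatically well-founded, the "no self-membered element" clauses are vacuously true in this setting.

```python
from itertools import chain, combinations


def powerset(s):
    """P(s): the set of all subsets of s."""
    items = list(s)
    subsets = chain.from_iterable(
        combinations(items, k) for k in range(len(items) + 1))
    return frozenset(frozenset(c) for c in subsets)


def finite_rank(n):
    """V_n, with V_0 empty and V_{k+1} = P(V_k)."""
    v = frozenset()
    for _ in range(n):
        v = powerset(v)
    return v


def von_neumann(n):
    """The von Neumann natural n = {0, 1, ..., n-1}."""
    a = frozenset()
    for _ in range(n):
        a = a | {a}
    return a


def is_transitive(A):
    """Every element of an element of A is an element of A."""
    return all(y in A for x in A for y in x)


def ordinal_by_membership(A):
    """Transitive set on which membership is a strict linear order.
    On a finite set a strict linear order is a strict well-ordering."""
    return (is_transitive(A)
            and all(x not in x for x in A)
            and all(x in y or y in x for x, y in combinations(A, 2))
            and all(x in z
                    for z in A for y in z if y in A
                    for x in y if x in A))


def ordinal_by_inclusion(A):
    """The Observation's variant: transitive, no self-membered element,
    and linearly (hence, being finite, well-) ordered by inclusion."""
    return (is_transitive(A)
            and all(x not in x for x in A)
            and all(x <= y or y <= x for x, y in combinations(A, 2)))


def transitive_of_transitive(A):
    """A transitive set of transitive sets, none of them self-membered."""
    return (is_transitive(A)
            and all(is_transitive(x) and x not in x for x in A))


def compare_on_rank(n):
    """Return (all three definitions agree on V_n, ordinals found in V_n)."""
    agree, found = True, set()
    for A in finite_rank(n):
        m = ordinal_by_membership(A)
        i = ordinal_by_inclusion(A)
        t = transitive_of_transitive(A)
        agree = agree and (m == i == t)
        if m:
            found.add(A)
    return agree, frozenset(found)


if __name__ == "__main__":
    agree, found = compare_on_rank(5)      # V_5 has 65536 elements
    print("definitions agree on V_5:", agree)
    print("ordinals in V_5:", sorted(len(a) for a in found))
```

The only sets in $V_5$ passing any of the three tests are the von Neumann naturals 0 through 4, since the ordinal n first appears as an element of $V_{n+1}$.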

Definition: For any ordinal $\alpha$, use $\in_\alpha$ to represent $\in \cap\, \alpha^2$ (which we know
is a strict well-ordering).

Theorem: For any ordinal $\alpha$ and any $\beta \in \alpha$, $\beta$ is an ordinal, $\beta = \mathrm{seg}_{\in_\alpha}(\beta)$
and $\in_\beta = (\in_\alpha)_\beta$.

Proof: $\delta \in \gamma \in \beta \to \delta \in_\alpha \gamma \in_\alpha \beta$ ($\gamma, \delta \in \alpha$ because $\alpha$ is transitive) and
this implies $\delta \in_\alpha \beta$ and so $\delta \in \beta$ because $\in_\alpha$ is a partial order. Thus
$\beta \in \alpha$ is transitive. $\in \cap\, \beta^2$ is a strict well-ordering because it is a
suborder of $\in \cap\, \alpha^2$. Further, it is evident that $\in_\beta = (\in_\alpha)_\beta$: the order
on $\beta$ is the segment restriction of the order on $\alpha$ determined by $\beta$,
because $\beta$ is identical to the segment in the order on $\alpha$ determined by
$\beta$: $\beta = \{\gamma \in \alpha \mid \gamma \in \beta\}$ (this uses transitivity of $\alpha$) $= \{\gamma \mid \gamma \in_\alpha \beta\}$.

Theorem: For any two ordinal numbers $\alpha$ and $\beta$, exactly one of the following
is true: $\alpha = \beta$, $\alpha \in \beta \wedge \alpha \subseteq \beta$, $\beta \in \alpha \wedge \beta \subseteq \alpha$. Any set of ordinal
numbers is thus linearly ordered by $\subseteq$: moreover, this linear order is a
well-ordering.

Proof: By a basic theorem on well-orderings proved above, we know that
there is either an isomorphism from $\in_\alpha$ to $\in_\beta$, an isomorphism from
$\in_\alpha$ to some $(\in_\beta)_\gamma = \in_\gamma$ for some $\gamma \in \beta$, or an isomorphism from $\in_\beta$ to
some $(\in_\alpha)_\gamma = \in_\gamma$ for some $\gamma \in \alpha$. It is then clearly sufficient to show
that for any ordinals $\alpha$ and $\beta$, if $\in_\alpha \sim \in_\beta$, then $\alpha = \beta$. Suppose for the
sake of a contradiction that $f : \alpha \to \beta$ is an isomorphism from $\in_\alpha$ to
$\in_\beta$ and that there is some $\gamma \in \alpha$ such that $f(\gamma) \neq \gamma$. There is then
an $\in_\alpha$-least such $\gamma$. We have $\gamma$ as the $\in_\alpha$-least element of $\alpha$ such that
$f(\gamma) \neq \gamma$. The objects which are $\in_\beta f(\gamma)$ are exactly those $f(\delta)$ such
that $\delta \in_\alpha \gamma$ (this is just because $f$ is an isomorphism). We can read $\in_\alpha$
and $\in_\beta$ simply as membership, and we remind ourselves that for any
$\delta < \gamma$, $f(\delta) = \delta$, and thus we see that $\gamma = f(\gamma)$ because they have the
same members, which is a contradiction.

That $\alpha \in \beta \to \alpha \subseteq \beta$ expresses the fact that ordinals are transitive sets.
$\subseteq$ is a partial order on sets and what we have shown so far indicates
that it is a linear order on ordinals. To see that it is a well-ordering,
we need to show that any nonempty set A of ordinals has a $\subseteq$-least
element: since A is nonempty, we can choose $\alpha \in A$; either there is
some $\beta \in \alpha$ which is an element of A or there is not. If there is none,
then $\alpha$ is the $\subseteq$- (and $\in$-) least element of A; otherwise the $\subseteq$- (and
$\in$-) least element of $\alpha$ which belongs to A will be the $\subseteq$- (and $\in$-)
least element of A: there is such an element because $\in$ is a strict
well-ordering of $\alpha$ and so $\subseteq$ is a well-ordering of $\alpha$.

Definition: For any well-ordering <, we define ot(<) as the ordinal $\alpha$ (if
any) such that the well-ordering of $\alpha$ by $\subseteq$ is isomorphic to <.

Definition: For any set A, we define |A| as the minimal ordinal $\alpha$ in the
inclusion order such that $A \sim \alpha$.

Note that in the usual set theory we identify a cardinal number with 
its initial ordinal: these are not the same object in type theory, though of 
course they are closely related. This is another of those differences between 
possible implementations of mathematical concepts in set theory that one 
should watch out for (in the Scott implementation of cardinals and ordinals 
in Zermelo set theory, a cardinal is not identified with its initial ordinal). 
The fact that though we identify these concepts formally in ZFC we do not 
actually think of them as having the same mathematical content is witnessed 
by the fact that we use different notations for $\mathbb{N}$ (the set of natural numbers),
$\omega$ (the first infinite ordinal) and $\aleph_0$ (the first infinite cardinal) although these
are all implemented as exactly the same object! Note that in type theory
they are all different. 

The axioms we have given so far do not ensure that all well-orderings 
have order types or that all sets have cardinalities: we have already described 
interpretations of the axioms of Zermelo set theory in type theory in which
these statements do not hold. 

The axioms of Zermelo set theory (as given here) do ensure that each finite 
well-ordering has an order type, and each finite set has a cardinality. So we 
have already provided a full implementation of the natural numbers using the 
von Neumann definitions. Further, one can deduce from the modern version 
of the Infinity axiom of Zermelo set theory (and Separation) that the first
infinite ordinal $\omega$ exists as a set, which by the conventions we have given is to
be identified with both the cardinal $\aleph_0$ and the set $\mathbb{N}$ of all natural numbers.

It is important to notice that just as there can be no set V of all sets 
in Zermelo set theory, there can be no set Ord of all ordinals (so transfinite
induction and recursion must be stated in property-based or restricted forms
in this theory). For the ordinals are strictly well-ordered by membership in
an obvious external sense: if there were a set $\Omega$ which contained all ordinals,
it would be an ordinal, so we would have $\Omega \in \Omega$, and this is impossible again
by the definition of ordinal. This is a version of the Burali-Forti paradox, 
another of the classical paradoxes of set theory. 

4.5.1 Exercises


1. The Scott definition of a natural number n is that it is the collection 
of all sets of size n and rank as low as possible. Remember the rank of 
a set A is the first ordinal $\alpha$ such that A is a subset of $V_\alpha$. Write down
as many Scott natural numbers as explicit sets as you can stand to. 
Work out the sizes of the next few (how many elements do they have? 
- go up to 20 or so?) All you need for this is an understanding of what 
$V_0, V_1, V_2, \ldots$ (the finite ranks) are, and some familiar combinatorics.
You might also want to see what you can say about the Scott natural 
number 60000 versus the Scott natural 70000. There is a dramatic 
difference (smiley). 

2. The Axiom of Foundation asserts that for any nonempty set x there is
a set $y \in x$ such that $x \cap y = \emptyset$.

One way of understanding this is that this axiom says that if we look at
$\in \cap\, x^2$ (the membership relation on $x^2$) it must have a “minimal”
element (“minimal” is in scare quotes because membership is not an
order relation). A “minimal” element y will have empty preimage under
the membership relation restricted to x - that is, it will have no elements
in common with x.

Use the Axiom of Foundation (along with the other axioms of course)
to prove the following:

(a) There is no set x such that $x \in x$.

(b) There is no sequence s such that for all $n \in \mathbb{N}$ we have $s_{n+1} \in s_n$.

The strategy to follow is this: in each part, identify a set which would 
have no “minimal” element in the membership relation. 

4.6 The Axiom of Replacement and ZFC

We introduce the missing assumption of the usual set theory which makes it 
possible to prove that the von Neumann definitions of ordinal and cardinal 
number are total. 

class function notation: If we have a formula $\phi[x, y]$ such that for every x
there is at most one y such that $\phi[x, y]$, we introduce notation $y = F_\phi(x)$
for the unique y associated with a given x. Notice that $F_\phi$ is not
understood to be a set here.

Axiom of Replacement: If we have a formula $\phi[x, y]$ such that for every
x there is at most one y such that $\phi[x, y]$, and define $F_\phi(x)$ as above,
then for every set A, the set $\{F_\phi(x) \mid x \in A\}$ exists.

The Axiom of Replacement can be used then to justify the recursive
definition of the $V_\alpha$’s above. What the axiom of replacement says, essentially,
is that any collection we can show to be the same size as or smaller than a 
set is in fact a set. 

Theorem: ot(<) exists for every well-ordering <. 

Proof: Let < be a well-ordering such that ot(<) does not exist. If there
are x such that $\mathrm{ot}((<)_x)$ does not exist, define $<_0$ as $(<)_x$ for the
smallest such x; otherwise define $<_0$ as < itself. In either case $<_0$ is
a well-ordering which has no order type with the property that all of
its initial segments have order types. We now define a formula $\phi[x, \alpha]$
which says “$\alpha$ is the order type of $(<_0)_x$” (the tricky bit is showing that
we can say this). Notice that once we do this we are done:
$\{F_\phi(x) \mid x \in \mathrm{fld}(<_0)\}$ will be the first von Neumann ordinal after all the order
types of segment restrictions of $<_0$, which will be the order type of $<_0$
contrary to assumption.

$\phi[x, \alpha]$ is defined as “if $f$ is a (set) function with domain an initial
segment of $<_0$ containing x and having the property $f(y) = \{f(z) \mid z <_0 y\}$
for each y in its domain, then $f(x) = \alpha$”. It is straightforward
to prove that exactly one such function $f$ exists for each initial segment
of $<_0$ (its extendability at limits in $<_0$ uses Replacement).

We have already seen that provision of this formula leads to a contra- 
diction to our original assumption. 

Corollary: The von Neumann cardinal $|A|$ exists for every set A.

Proof: There is a well-ordering of A, whose order type is an ordinal with
the same cardinality of A. Either this is the smallest ordinal (in the
inclusion order) with this property, in which case it is $|A|$ itself, or it
has elements which have this property, among which there must be a
smallest, which is $|A|$.

Theorem: $V_\alpha$ exists for each $\alpha$.

Proof: Consider the smallest ordinal $\lambda$ for which $V_\lambda$ does not exist (it is
obviously a limit ordinal if it exists).

Find a formula $\phi[\alpha, A]$ which says “$A = V_\alpha$” and we are done, because
we can then define the set $\{F_\phi(\alpha) \mid \alpha \in \lambda\}$, and the union of this set
will be $V_\lambda$ contrary to assumption.

The formula $\phi[\alpha, A]$ says “there is a function $f$ whose domain is an
ordinal $\beta$ such that $\alpha \in \beta$, and $f(0) = \emptyset$, $f(\gamma + 1) = \mathcal{P}(f(\gamma))$ if
$\gamma + 1 \in \beta$, and $f(\mu) = \bigcup\{f(\gamma) \mid \gamma \in \mu\}$ for each limit ordinal $\mu \in \beta$,
and $f(\alpha) = x$”. The fact that there is a unique such function $f$ for each
$\beta < \lambda$ is readily shown: Replacement is used to show extendability of
$f$ at limit ordinals.

Zermelo set theory augmented with the Axiom of Replacement is known
as ZFC (Zermelo-Fraenkel set theory with Choice). [The Rank Axiom is not
needed because it can be proved from the other axioms of Zermelo set theory
and the Axiom of Replacement.] This is the system of set theory which is 
most commonly used. 

Although the Axiom of Replacement is sufficient to make the von Neu- 
mann definitions of cardinality and order type succeed, it is certainly not 
necessary. A weaker axiom with the same effect (already noted above in a 
type-theoretic form) is 

Axiom of Beth Numbers: For every Scott ordinal $\alpha$, $\beth_\alpha$ exists.

We define things in terms of Scott ordinals because we do not wish to
presume that the von Neumann ordinal $\alpha$ exists; that is what we are trying
to prove. A set of size $\beth_\alpha$ must be included in a rank $V_\beta$ with $\beta > \alpha$, and the
von Neumann ordinal $\alpha$ will be present in $V_{\beta+1}$. Notice that the Axiom of
Rank plays an essential role in this argument: existence of large $\beth$ numbers
in the original Zermelo set theory does not have any effect on existence of
von Neumann ordinals.

Another axiom which works is the stronger

Axiom of Beth Fixed Points: For every cardinal $\kappa$, there is a cardinal
$\lambda > \kappa$ such that $\beth_\lambda = \lambda$.

4.7 Translation between Type Theory and Set Theory

We discuss how to transfer mathematical concepts and theorems from type 
theory to set theory. 

We have already seen that any formula of the language of type theory 
can be translated to a formula $[\phi]_X$ (where $X$ is an infinite set) which asserts
that $\phi$ holds in a model of type theory in which $X$ is type 0, $\mathcal{P}(X)$ is type 1,
and in general $\mathcal{P}^n(X)$ is type n. $[\phi]_X$ is obtained by rereading membership
and equality as the relations of the untyped theory and restricting each type
n variable to $\mathcal{P}^n(X)$. For each axiom $\phi$ of type theory (in each of its
explicitly typed versions), it is straightforward to show that $[\phi]_X$ is a theorem
of Zermelo set theory. So for any theorem $\phi$ of type theory we have $[\phi]_X$ a
theorem of Zermelo set theory, and in fact we also have “for all infinite sets
$X$, $[\phi]_X$” a theorem of Zermelo set theory.

Every object t we can define in the language of type theory has analogues
$t_X$ for each infinite set $X$. This presents an obvious problem (a stronger
version of the ambiguity of type theory which our avoidance of type indices
partially obscures). All our definitions of specific objects, with a few
exceptions such as $\emptyset$, refer to different objects depending on the choice of the
parameter $X$. For example the number $3^{n+2}$ is implemented as $[\mathcal{P}^n(X)]^3$,
the set of all subsets of $\mathcal{P}^n(X)$ with exactly three elements. Just which set
this is varies with the choice of $X$ (and n).

A possible conceptual problem with the theory of functions can be
dispelled: in type theory, we can prove easily that the functions from a set A to
a set B defined using Kuratowski pairs correspond precisely to those defined 
using Quine pairs (they are at different types but this ceases to be so
inconvenient when we are translating to untyped set theory). So the question of
which sets are the same size and which relations are isomorphic is settled in 
the same way no matter which pair definition one uses. 

Nonetheless, the theory of cardinals and ordinals can be stated in untyped set theory as the theory of specific objects. Here we suppose that we use von Neumann ordinals as the implementation of ordinal numbers, and von Neumann initial ordinals as the implementation of cardinals. A sentence $(|A| = \kappa)_X$ asserts that $A$ belongs to a certain cardinal $\kappa_X$. This translates to an assertion $|A| = \kappa$ in the language of untyped set theory, now not meaning $A \in \kappa$ but $A \sim \kappa$, where $\kappa$ is the first von Neumann ordinal which is equinumerous with an element (and so with all elements) of $\kappa_X$. Further, it is important to note that for any cardinal $(\kappa^n)_X$ the von Neumann initial ordinal associated with it will be the same as the von Neumann initial ordinal associated with $(T(\kappa)^{n+1})_X$: this gives a concrete meaning to our erstwhile intuitive feeling that $\kappa$ and $T(\kappa)$ are in fact the same cardinal. Very similar considerations apply to order types $(\alpha)_X$ and corresponding von Neumann ordinals $\alpha$ (and we get the analogous result that the ordinals $(\alpha^n)_X$ and $(T(\alpha)^{n+1})_X$ correspond to the same von Neumann ordinal $\alpha$). Further, nothing but technical points would differ if we used the Scott cardinals and ordinals here instead of the von Neumann cardinals and ordinals. Since we have a translation of ordinals and cardinals of type theory to ordinals and cardinals of the untyped set theory, we can translate the operations of addition and multiplication from type theory to untyped set theory directly. It might seem that we cannot translate cardinal exponentiation so directly, but here we observe that though $(\kappa^\lambda)_X$ is not always defined, it is always the case that $(T(\kappa)^{T(\lambda)})_X$ is defined (and will be $T(\kappa^\lambda)_X$ if the latter is defined); since the $T$ operation is now understood to be the identity, we see that cardinal exponentiation is now a total operation. The way in which the definitions of cardinals and ordinals are transferred from type theory to set theory ensures that theorems of cardinal and ordinal arithmetic transfer as well. Notice that Cantor’s Theorem now takes the form $\kappa < 2^\kappa$: there is no largest cardinal (from which it follows that there can be no universal set, as certainly $|V| \geq 2^{|V|}$ would hold; the argument from the untyped form of Cantor’s theorem and the naive supposition that there is a universal set to a contradiction is called Cantor’s paradox).

Although we have just defined operations of cardinal and ordinal arithmetic in terms of the interpreted type theory with $X$ as type 0, it is perfectly possible to state definitions of these operations which do not depend on the notation $[\phi]_X$. The recursive definitions of operations of ordinal arithmetic are inherited directly by untyped set theory from type theory. The definitions of $|A| + |B|$ as $|(A \times \{0\}) \cup (B \times \{1\})|$, $|A| \cdot |B|$ as $|A \times B|$, and $|A|^{|B|}$ as $|A^B|$ work perfectly well in untyped set theory (always remembering that the set theoretical meaning of $|A|$, though not its mathematical function, is quite different). But the correspondence between the arithmetic of interpreted type theory and the arithmetic of untyped set theory is important in seeing that theorems can be relied upon to transfer fairly directly from type theory to set theory.

Results we have given above imply that certain statements which can be shown to be true in the version of Zermelo set theory interpreted in our type theory with strong extensionality are inconsistent with ZFC. We showed above that $\beth_\alpha$ does not exist for some $\alpha$ in these models (to be precise, if the cardinality of the set corresponding to type 0 is we can prove that $\beth_{\beta+\omega}$ does not exist in that model (whereas in ZFC we have $|V_{\omega+\alpha}| = \beth_\alpha$ for each ordinal $\alpha$, so all $\beth_\alpha$’s must exist)). However, there are models of Zermelo set theory obtained from models of type theory with weak extensionality in which ZFC holds. This might seem not to be possible since there is a sequence of sets $V^i$ (the sets corresponding to the types) such that any cardinal is less than some $|V^i|$ (since it is the cardinal of a set of some type): by Replacement it might seem that the countable sequence of $V^i$’s would be a set (because it is the same size as the set of natural numbers), so its union would be a set, which would have cardinality larger than any $|V^i|$. But this argument does not work, because there is no formula defining the sequence of $V^i$’s (as there is in the models based on type theory with strong extensionality, where $V^{i+1} = \mathcal{P}(V^i)$). Moreover, we will apply simple model theory below to show that for any model of ZFC there is a model obtainable from a model of type theory with weak extensionality in which the same statements of the language of set theory are true [that is a very convoluted sentence, I know]. The serious difference in power between untyped set theory and typed set theory has to do with the ability to quantify over the entire universe. This is just a difference in what we can say if we use Bounded Separation, but if we adopt the full axiom of Separation we can define sets in terms of global facts about the universe. This is best indicated using an example.

Theorem: For each natural number $n$, there is a unique sequence $s$ of sets with domain the set of natural numbers $\leq n$ such that $s_0 = \mathbb{N}$ and for each $i < n$, $s_{i+1} = \mathcal{P}(s_i)$.

Proof: Prove this by mathematical induction. The set of natural numbers $n$ for which there is such a sequence $s$ clearly includes 0 ($s = \{(0, \mathbb{N})\}$) and if it includes $k$ will also include $k + 1$ (if $s$ works for $k$, $s \cup \{(k + 1, \mathcal{P}(s_k))\}$ works for $k + 1$).

Discussion: In type theory with base type countable, sets interpreting these sequences do not all exist in any one type, so no assertion of type theory can even express the fact that they all exist. This statement is of course very badly typed, but a similar assertion would be the statement that there is a sequence of cardinals such that $s_0 = \aleph_0$ and $s_{i+1} = 2^{s_i}$ for each $i$, and this would present the same problem: in type theory with base type countable, the sequence $\beth_0, \beth_1, \beth_2, \ldots$ is not entirely present in any one type. The mere statement of the theorem cannot be expressed in type theory because the quantifier over sequences $s$ is not bounded in a set (and for this same reason this theorem cannot be proved using Bounded Separation: the subset of the natural numbers which needs to be shown to be inductive cannot be shown to exist).



4.7.1 Exercises 


1. This proof will use Replacement. 

In the usual axiom set it is rather more involved than it seems it ought to be to show that every set is a subset of a transitive set (this is easily shown in cumulative type theory or in Zermelo set theory with the rank axiom, but the usual formulation of Zermelo set theory or ZFC has the Foundation axiom, which is weaker).

I give an outline of a proof which you need to complete (there are models in the notes for the proof).

Let $X$ be a set. We want to prove that there is a transitive set which contains $X$. The idea is to prove that the collection of sets $\{\bigcup^n(X) \mid n \in \mathbb{N}\}$ exists. Then you can show that the union of this set is transitive and contains $X$ as a subset.

Fill in the details. To prove the existence of $\{\bigcup^n(X) \mid n \in \mathbb{N}\}$ by Replacement you need a formula $\phi[x, n]$ which says “$x = \bigcup^n X$”. As I said, there are models for this in the notes.

Why does it follow immediately from “$X$ is a subset of a transitive set” that $X$ is an element of some transitive set as well?

2. This question is intended to address the question of just how weird a 
model of ZFC without the Axiom of Rank can be. 

Work in ZFC. Define a set $A$ as bounded iff its transitive closure contains finitely many von Neumann natural numbers. We refer to the first von Neumann natural not in the transitive closure of $A$ as the bound of $A$. Verify the following points:

(a) If $a$ and $b$ are bounded, $\{a, b\}$ is bounded.

(b) If $A$ is bounded, $\mathcal{P}(A)$ is bounded (but the bound might go up by one - do you see why?), and $\bigcup A$ is bounded (with the same bound). You should also show that the bounds of the sets $\mathcal{P}^k(A)$ eventually increase with $k$.

(c) The set of Zermelo natural numbers is bounded.

(d) If the bound of $A$ is $n$, the set $\mathcal{P}_{>n}(A)$ of all subsets of $A$ with more than $n$ elements is also bounded with bound $n$ (note that this can be iterated).

(e) Apply the points above to argue that the collection of all bounded sets in the universe of ZFC is a model of Zermelo set theory in which the set of von Neumann natural numbers does not exist, in which $\{\mathcal{P}^n(X) \mid n \in \mathbb{N}\}$ does not exist for any $X$, and in which there are sets of every cardinality which exists in the universe of ZFC.
5 Logic

5.1 Formalization of Syntax and Substitution 

In this section we discuss the representation of bits of syntax (formulas and 
terms) by mathematical objects. We will thereafter identify the syntactical 
objects of our language with these mathematical objects. 

An obvious way to do this would be to represent ASCII characters by natural numbers, then represent character strings as functions from finite initial segments of $\mathbb{N}$ to ASCII characters. But the definition of formal operations on syntax with this definition would be inconvenient.

Our representation will be typically ambiguous, as with all our representations of mathematical objects in type theory: syntactical objects will exist in all types above a certain minimum type (which we really will not care about determining). Though we work in type theory it should be clear how the same construction could be done in Zermelo set theory.

5.2 A toy example (calculator arithmetic)

Our full type theory has a quite complex language, so we provide a preliminary example of construction of a formal language within our type theory and definition of semantics for it (intended values for all the expressions of the language as represented within our theory). The objects we use to represent expressions of calculator arithmetic will all be of the same type, some fixed $n + 2$.

The language we consider is the language of calculator arithmetic.

Each individual digit is assigned its usual meaning (0, 1, 2, 3, 4, 5, 6, 7, 8, 9).

Strings of digits are to be assigned their usual meanings: if $D$ has been assigned a value $x$ already, and $d$ is a digit whose value $r$ we already of course know, the value of $Dd$ (understood as a string concatenation) will be $10x + r$.

General expressions will include all the strings of digits and all sums and products of expressions. So we expect $(102 + 5) \cdot 13$ to be an expression, for example.

Trying to represent our symbols as strings is certainly possible, but would 
require reasoning about mathematical representations of parentheses which 
would be quite unpleasant. We take a different tack, which handles grouping 
without parentheses. 

digits: Each digit $n \in \{0, 1, 2, 3, 4, 5, 6, 7, 8, 9\}$ is represented by $(0, n)$. Using quotes, we define ‘$n$’ as $(0, n)$.

base ten numbers: A base ten number with one digit $n$ is represented by the digit $(0, n)$. A base ten number $N$ whose last digit is $n$ and which has more than one digit is represented by $(1, D, (0, n))$, where $D$ is the representation of $\frac{N-n}{10}$. So for example 5 is coded by $(0, 5)$, 12 is coded by $(1, (0, 1), (0, 2))$ and 365 is coded by $(1, (1, (0, 3), (0, 6)), (0, 5))$. Using quotes, if ‘$d$’ is a digit (so $d$ is a known small number) and ‘$D$’ is a decimal numeral, ‘$Dd$’ (the string obtained by appending ‘$d$’ to ‘$D$’) is defined as $(1, ‘D’, ‘d’)$.

arithmetic expressions: A base ten number by itself is an arithmetic expression.

If $E$ and $F$ are arithmetic expressions, $(2, E, F)$ represents the formal sum of these two notations and $(3, E, F)$ represents the product of these two notations.

Using quotes, if ‘$E$’ is a calculator expression and ‘$F$’ is a calculator expression, we define ‘$(E+F)$’ as $(2, ‘E’, ‘F’)$ and ‘$(E \cdot F)$’ as $(3, ‘E’, ‘F’)$.

The translation of the calculator notation “$(102 + 5) \cdot 13$” will then be $(3, (2, (1, (1, (0, 1), (0, 0)), (0, 2)), (0, 5)), (1, (0, 1), (0, 3)))$.

The point here is that the individual notations are objects internal to our 
type theory, rather than symbols. An alternative way to do this would be to 
postulate something like character strings as objects of our theory, but it is 
instructive that we do not need any new primitive ideas to implement this. 

It is important to note that these notations represent pieces of notation, 
not numbers. “2+3” (a piece of notation) is not the same thing as “5” or 
“3+2” , though these pieces of notation represent the same numbers. And all 
three of these are different complex pairs. 

It is not enough for us to be able to represent each individual piece of 
calculator notation. We want to be able to say that something is a piece of 
calculator notation internally to our mathematical language. We define the 
sets corresponding to the categories of notation we have discussed. 

the set of digits: The set $D$ of digits is easy to define: this is the set $\{0\} \times \{0, 1, 2, 3, 4, 5, 6, 7, 8, 9\}$.

the set of base ten numbers: We will define the set $T$ of base ten numbers.

We say that a set $I$ is $T$-inductive iff $D \subseteq I$ and $\{1\} \times I \times D \subseteq I$. We call the set of all $T$-inductive sets $\mathcal{T}$ and define $T$ as $\bigcap \mathcal{T}$, the collection of all objects which belong to every $T$-inductive set.

Certainly the collection of all base ten numbers is $T$-inductive. And any $T$-inductive set (a collection $I$ which contains all the digits and has the property that it contains any triple $(1, x, d)$ where $x$ is in the collection and $d$ is a digit) must contain all the base ten numbers. An example of a $T$-inductive set which is not the collection of all base ten numbers (other than the trivial example, the universe), is the collection $J = (\{0\} \times V) \cup (\{1\} \times V \times D)$ of all things which are either a pair with first component 0 or a triple with first component 1 and last component a digit.

the set of calculator expressions: We define the set $E$ of calculator expressions.

We say that a set $I$ is $E$-inductive iff $T \subseteq I$ and $\{2\} \times I \times I \subseteq I$ and $\{3\} \times I \times I \subseteq I$. We call the set of all $E$-inductive sets $\mathcal{E}$, and we define $E$ as $\bigcap \mathcal{E}$, the collection of all objects which belong to every $E$-inductive set. It should be clear both that the collection of calculator expressions should be $E$-inductive, and that any $E$-inductive set that we define will contain all the calculator expressions.

Finally, of course, the most interesting thing about a piece of notation is what it means. We will define a function $v : E \to \mathbb{N}$ which will represent the natural number value which we expect a piece of calculator notation to denote (what display do you get when you type this notation into the calculator?). A function like $v$ is called a “valuation”.

We list conditions which we expect to hold of $v$.

valuation of digits: $v((0, n)) = n$ about sums up our expectations. This is the simple case. So we expect $((0, n), n) \in v$ for each $n \in \{0, 1, 2, 3, 4, 5, 6, 7, 8, 9\}$.

valuation of base ten numerals: A base ten numeral which is a digit we already know how to handle. A base ten numeral of the form $(1, D, (0, n))$ will have $v((1, D, (0, n))) = (10 \cdot v(D)) + n$. So if $(D, x) \in v$, we expect $((1, D, (0, n)), 10 \cdot x + n) \in v$.

valuation of calculator expressions: A calculator expression which is a base ten numeral I already know how to handle. We expect $v((2, e, f)) = v(e) + v(f)$ and $v((3, e, f)) = v(e) \cdot v(f)$. We express this a little differently: if $(e, x) \in v$ and $(f, y) \in v$, we expect $((2, e, f), x + y) \in v$ and $((3, e, f), x \cdot y) \in v$.

the appropriate kind of inductive set: A set $I$ is $v$-inductive iff $((0, n), n) \in I$ for each $n \in \{0, 1, 2, 3, 4, 5, 6, 7, 8, 9\}$, and if $(D, x) \in I$ and $D \in T$ and $x \in \mathbb{N}$ we expect $((1, D, (0, n)), 10 \cdot x + n) \in I$, and if $(e, x) \in I$ and $(f, y) \in I$, and $x, y \in \mathbb{N}$, we expect $((2, e, f), x + y) \in I$ and $((3, e, f), x \cdot y) \in I$.

the definition of $v$: Define $\mathcal{V}$ as the collection of all $v$-inductive sets and define $v$ as $\bigcap \mathcal{V}$, the collection of objects which belong to every $v$-inductive set. This way of constructing a function may make us queasy, and should remind us of the proof of the Iteration Theorem. An informal argument that this is correct should exploit the observation in effect already made that our first three points show that $v$, considered as a set of pairs, actually is $v$-inductive - and further that any $v$-inductive set should actually contain all the pairs in $v$, so their intersection is exactly $v$.
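
The coding of notations and the valuation $v$ can be carried out mechanically. The following Python sketch is an added example, not part of the original notes: it uses Python tuples for the nested pairs, decides membership in $D$, $T$ and $E$ by structural recursion instead of by intersecting inductive sets, and its function names (code_number, plus, times, in_T, in_E, v) are chosen here for illustration.

```python
# Added example: nested-tuple coding of calculator arithmetic and the valuation v.
DIGIT, NUMERAL, SUM, PRODUCT = 0, 1, 2, 3   # first components used in the text


def code_number(n):
    """Code a natural number as a base ten numeral, e.g. 12 -> (1, (0, 1), (0, 2))."""
    if n < 0:
        raise ValueError("natural numbers only")
    if n < 10:
        return (DIGIT, n)
    # D codes the number with its last digit removed, (N - n) / 10.
    return (NUMERAL, code_number(n // 10), (DIGIT, n % 10))


def plus(e, f):
    """The notation '(E+F)', coded as (2, 'E', 'F')."""
    return (SUM, e, f)


def times(e, f):
    """The notation '(E.F)', coded as (3, 'E', 'F')."""
    return (PRODUCT, e, f)


def is_digit(x):
    """Membership in D = {0} x {0, ..., 9}."""
    return (isinstance(x, tuple) and len(x) == 2 and x[0] == DIGIT
            and type(x[1]) is int and 0 <= x[1] <= 9)


def in_T(x):
    """Membership in T: strip trailing digits, then a single digit must remain."""
    while (isinstance(x, tuple) and len(x) == 3 and x[0] == NUMERAL
           and is_digit(x[2])):
        x = x[1]
    return is_digit(x)


def in_E(x):
    """Membership in E: a numeral, or a sum or product of members of E."""
    if in_T(x):
        return True
    return (isinstance(x, tuple) and len(x) == 3 and x[0] in (SUM, PRODUCT)
            and in_E(x[1]) and in_E(x[2]))


def v(x):
    """The valuation v : E -> N. Raises ValueError on objects outside E."""
    if is_digit(x):
        return x[1]                          # v((0, n)) = n
    if in_T(x):
        return 10 * v(x[1]) + x[2][1]        # v((1, D, (0, n))) = 10 * v(D) + n
    if isinstance(x, tuple) and len(x) == 3 and x[0] in (SUM, PRODUCT):
        a, b = v(x[1]), v(x[2])
        return a + b if x[0] == SUM else a * b
    raise ValueError(f"not a calculator expression: {x!r}")


# The notation "(102 + 5) . 13" from the text.
PAGE_EXAMPLE = times(plus(code_number(102), code_number(5)), code_number(13))

# Constructed objects that are NOT in E: a "digit" out of range, and a triple
# with first component 1 whose last component is not a digit.
NOT_IN_E = [(0, 12), (1, (0, 4), (1, (0, 2), (0, 2)))]

if __name__ == "__main__":
    print(PAGE_EXAMPLE, "has value", v(PAGE_EXAMPLE))
    # "2+3", "3+2" and "5" are three different objects with the same value.
    for e in (plus(code_number(2), code_number(3)),
              plus(code_number(3), code_number(2)), code_number(5)):
        print(e, "has value", v(e))
    for bad in NOT_IN_E:
        print(bad, "in E?", in_E(bad))
```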
Exercises

The first two problems may be all that you do, but I do invite you to think about the two harder problems which follow.

1. For each of the following nested pair expressions, determine whether it actually is a mathematical representation of a calculator expression (including digits and base ten numbers), and if it is one report its value. Show steps in your calculation.

(a) (2,(1, (0,1), (0,3)), (0,5))

(b) (1, (0,1), (1,(0, 3), (0,4)))

(c) (3, (2, (0, 5), (0, 3)), (1, (0,1), 0,0))

(d) (1,(2, (0,2), (0,3)), (0,5))

2. Write the nested pair expressions which represent the following expressions of calculator arithmetic. You do not have to compute values.

(a) $5 + 4$

(b) $(2 + 3) + 4$

(c) $2 + (3 + 4)$

(d) $15 \cdot 234$

3. This is a challenge problem: determine why I need to say “$d \in T$” in the clause “if $(d, x) \in I$ and $d \in T$ and $x \in \mathbb{N}$ we expect $((1, d, (0, n)), 10 \cdot x + n) \in I$” (hint: give an example of an illegal expression (something not in $E$) at which we would be forced to evaluate $v$ if we did not include this condition). One of the parts of the first problem is relevant!

4. Another challenge problem: show that the set of pairs $V \times \mathbb{N}$ is $v$-inductive - this shows that every value of $v$ is a natural number. ($V \times \mathbb{N}$ is the set of all ordered pairs whose second component is a natural number).
5.3 A formal syntax for our type theory

We initially give a recursive definition of notation taken from logic and set 
theory as mathematical objects. 

We begin with variables. The triple $(0, m, n)$ will represent a bound variable $x^m_n$ and the triple $(1, m, n)$ will represent a free variable (or “constant”) $a^m_n$ for natural numbers $m, n$. The reasons why we want bound and free variables will become evident later. That is, we define ‘$x^m_n$’ as $(0, m, n)$ and ‘$a^m_n$’ as $(1, m, n)$.

The triple $(2, n, t)$, where $t$ is a term, will represent the sentence $P_n(t)$ ($P_n$ being a unary predicate). The quadruple $(3, n, t, u)$ will represent the sentence $t\,R_n\,u$ ($R_n$ being a binary predicate (logical relation)). We read $(3, 0, t, u)$ as $t \subseteq u$ and $(3, 1, t, u)$ as $t = u$. That is, we define ‘$P_n(t)$’ as $(2, n, ‘t’)$ and ‘$t\,R_n\,u$’ as $(3, n, ‘t’, ‘u’)$.

The triple $(4, n, t)$ ($t$ being a term) stands for $F_n(t)$ ($F_n$ being a function symbol). The quadruple $(5, n, t, u)$ ($t$ and $u$ being terms) stands for $t\,O_n\,u$, $O_n$ being a binary function (operation) symbol. That is, ‘$F_n(t)$’ is defined as $(4, n, ‘t’)$ and ‘$t\,O_n\,u$’ is defined as $(5, n, ‘t’, ‘u’)$.

We reserve $F_0$ and $F_1$ to stand for the projection operators, and $O_0$ to stand for the ordered pair.

Note that all predicate and function symbols are typically ambiguous (can be used with arguments of many types). Binary relation symbols are assumed to be type level and functions are assumed to have one or both inputs and their output all of the same type.

The triple $(6, n, t)$ represents $\iota^n(t)$ and the triple $(7, n, t)$ represents $\bigcup^n t$. Note that we can now represent $t \in u$ as $\{t\} \subseteq u$. That is, ‘$\iota^n(t)$’ is defined as $(6, n, ‘t’)$ and ‘$\bigcup^n t$’ is defined as $(7, n, ‘t’)$. [It is important to note that we intend in our semantics to extend the union operation so that $\bigcup\{x\}$ is equal to $x$ even if $x$ is an atom.]

The quadruple $(8, n, v, \phi)$ (where $\phi$ is a formula and $v$ is a variable) is read $(Q_n v.\phi)$, where $Q_n$ is a quantifier. We reserve $Q_0$ as $\exists$ and $Q_1$ as $\forall$. That is, ‘$(Q_n v.\phi)$’ is defined as $(8, n, ‘v’, ‘\phi’)$.

The quadruple $(9, n, v, \phi)$ (where $\phi$ is a formula and $v$ is a variable) represents a term $(B_n v.\phi)$ constructed by binding on a formula. We read $(9, 0, v, \phi)$ as $(\epsilon v.\phi)$, the Hilbert symbol. Note that $\{v \mid \phi\}$ can be read as $(\epsilon A.(\forall v.\{v\} \subseteq A \leftrightarrow \phi))$. That is, ‘$(\epsilon v.\phi)$’ (in particular) is defined as $(9, 0, ‘v’, ‘\phi’)$.

The pair $(10, \phi)$ represents $\neg\phi$. The triple $(11, \phi, \psi)$ represents $\phi \vee \psi$. That is, ‘$\neg\phi$’ is defined as $(10, ‘\phi’)$ and ‘$\phi \vee \psi$’ is defined as $(11, ‘\phi’, ‘\psi’)$. We could equally well use the construction $(11, n, \phi, \psi)$ and provide ourselves with a potentially infinite supply of binary propositional connectives: $(11, n, ‘\phi’, ‘\psi’)$ would be taken to code ‘$\phi \oplus_n \psi$’, and we would reserve $\oplus_0, \oplus_1, \oplus_2, \oplus_3$ for $\wedge, \vee, \rightarrow, \leftrightarrow$.

The above is not precisely mathematical as it relates mathematical objects to pieces of notation. We proceed to develop a thoroughly mathematical account of syntax and semantics using this informal account as motivation. For readability, we will allow ourselves to use quoted terms and formulas much of the time.

Definition: This is a nonce definition. A syntactical pair of sets is a pair of sets $(T, F)$ with the following properties, motivated by the idea that $T$ is an approximation to the set of terms and $F$ is an approximation to the set of formulas.

1. For any natural numbers $m, n$, $(0, m, n)$ and $(1, m, n)$ belong to $T$. Objects $(0, m, n)$ are called bound variables.

2. For any natural number $n$ and any $t \in T$, $(2, n, t) \in F$.

3. For any natural number $n$ and $t, u \in T$, $(3, n, t, u) \in F$.

4. For any natural number $n$ and $t \in T$, $(4, n, t), (6, n, t), (7, n, t) \in T$.

5. For any natural number $n$ and $t, u \in T$, $(5, n, t, u) \in T$.

6. For any natural number $n$, bound variable $v$, $\phi \in F$, and $t, u \in T$, $(8, n, v, \phi) \in F$, and $(9, n, v, \phi) \in T$.

7. For any $\phi, \psi \in F$, $(10, \phi) \in F$ and $(11, \phi, \psi) \in F$.

Definition: A formal term set is any set which is the first projection $T$ of a syntactical pair $(T, F)$. A formal proposition set is any set which is the second projection $F$ of a syntactical pair $(T, F)$. A formal term is an object which belongs to all formal term sets. A formal proposition is an object which belongs to all formal proposition sets.

Theorem: If $\mathcal{T}$ is the set of all formal terms and $\mathcal{F}$ is the set of all formal propositions, then $(\mathcal{T}, \mathcal{F})$ is a syntactical pair of sets.

The two sets $\mathcal{T}$ and $\mathcal{F}$ are defined by mutual recursion. It is natural to prove theorems about formal terms and propositions using structural induction. We will write formal terms and propositions using ordinary typography, and in fact to the best of our ability forget the intricacies of numerals and pairing that underlie the formal definition (particularly since the details are largely arbitrary and could be changed wholesale without affecting the subsequent development).

Terms have type, and considerations of type determine that some terms are ill-formed. $x^m_n$ and $a^m_n$ have type $m$. $F(t)$ has the same type as $t$. $t\,O\,u$ has type $m$ iff $t$ and $u$ have the same type $m$ and is ill-typed otherwise. $(\epsilon x^m_n.\phi)$ (this is the Hilbert symbol) has type $m$. A formula $t\,R\,u$ will only be considered well-formed if $t$ and $u$ have the same type. If $t$ has type $n$, $\iota^k(t)$ has type $n + k$ and $\bigcup^k(t)$ has type $n - k$ if $n \geq k$ and is considered ill-formed otherwise. These clauses are enough to determine the typing (and well-formedness) of all terms and formulas by recursion.
Now we give the formal definition of substitution. We define $u[t/x_i]$ (the result of replacing $x_i$ with $t$ in the term $u$) and $\phi[t/x_i]$ (the result of replacing $x_i$ with $t$ in the formula $\phi$) at the same time. Here we leave off the type index: the type requirement is that $t$ and $x_i$ have the same type.

1. $x_j[t/x_i]$ is defined as $t$ if $i = j$ and as $x_j$ otherwise.

2. $a_j[t/x_i]$ is defined as $a_j$.

3. $F(u)[t/x_i]$ is defined as $F(u[t/x_i])$.

4. $(u\,O\,v)[t/x_i]$ is defined as $u[t/x_i]\,O\,v[t/x_i]$.

5. $(Bx_j.\phi)[t/x_i]$ is defined as $(Bx_k.\phi[x_k/x_j][t/x_i])$, where $x_k$ is the first variable not found in $(Bx_j.\phi)[t/x_i]$. The full definition of $(Bu.\phi)[t/x_i]$ where $u$ may be a complex term is quite difficult. The only form that $B$ takes in our development is the Hilbert symbol $\epsilon$.

6. $P(u)[t/x_i]$ is defined as $P(u[t/x_i])$.

7. $(u\,R\,v)[t/x_i]$ is defined as $u[t/x_i]\,R\,v[t/x_i]$.

8. $(Qx_j.\phi)[t/x_i]$ is defined as $(Qx_k.\phi[x_k/x_j][t/x_i])$, where $x_k$ is the first variable not occurring in $(Qx_j.\phi)[t/x_i]$. Defining $(Qu.\phi)[t/x_i]$ for general terms $u$ would be difficult.

9. $(\neg\phi)[t/x_i]$ is defined as $\neg\phi[t/x_i]$ and $(\phi \vee \psi)[t/x_i]$ is defined as $\phi[t/x_i] \vee \psi[t/x_i]$.

To justify that this definition works takes a little thought. The notion of length of a term or formula can be defined by a natural recursion (we do not give the mind-numbing details here). Then observe that the substitution of $t$ for $x_i$ in any given formula $\phi$ may be defined in terms of other substitutions supposed already defined, but these are always substitutions into strictly shorter formulas.
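
Added example (not from the original notes): the substitution clauses run on the tuple coding of this section, in Python. The function names are chosen here, and two points are assumptions of the example: the singleton and union codes (6 and 7), which the numbered clauses do not mention, are handled like the clause for $F$, and the fresh variable $x_k$ is taken to be the first variable of the same type as $x_j$ that occurs in neither $\phi$ nor $t$ and differs from $x_i$ and $x_j$.

```python
# Added example: substitution u[t/x] and phi[t/x] on coded terms and formulas.
# Codes: (0,m,n) variable, (1,m,n) constant, (2,n,t) P_n(t), (3,n,t,u) t R_n u,
# (4,n,t) F_n(t), (5,n,t,u) t O_n u, (6,n,t) n-fold singleton, (7,n,t) n-fold
# union, (8,n,v,phi) quantifier, (9,n,v,phi) binder term, (10,phi) negation,
# (11,phi,psi) disjunction.


def type_of(term):
    """Type of a coded term, following the typing clauses of this section."""
    tag = term[0]
    if tag in (0, 1):
        return term[1]
    if tag == 4:
        return type_of(term[2])
    if tag == 5:
        a, b = type_of(term[2]), type_of(term[3])
        if a != b:
            raise ValueError("ill-typed operation term")
        return a
    if tag == 6:
        return type_of(term[2]) + term[1]
    if tag == 7:
        m = type_of(term[2]) - term[1]
        if m < 0:
            raise ValueError("ill-formed union term")
        return m
    if tag == 9:
        return term[2][1]            # type of the bound variable
    raise ValueError("not a term")


def variables(obj):
    """All variable triples (0, m, n) occurring anywhere in obj."""
    if obj[0] == 0:
        return {obj}
    found = set()
    for part in obj[1:]:
        if isinstance(part, tuple):
            found |= variables(part)
    return found


def fresh(m, avoid):
    """First variable of type m that is not in the set avoid."""
    n = 0
    while (0, m, n) in avoid:
        n += 1
    return (0, m, n)


def subst_raw(obj, t, x):
    """obj[t/x] by recursion on the structure of obj (no type check)."""
    tag = obj[0]
    if tag == 0:                                  # clause 1
        return t if obj == x else obj
    if tag == 1:                                  # clause 2
        return obj
    if tag in (2, 4, 6, 7):                       # clauses 6, 3; 6 and 7 assumed
        return (tag, obj[1], subst_raw(obj[2], t, x))
    if tag in (3, 5):                             # clauses 7, 4
        return (tag, obj[1], subst_raw(obj[2], t, x), subst_raw(obj[3], t, x))
    if tag in (8, 9):                             # clauses 8, 5: always rename
        _, n, xj, phi = obj
        xk = fresh(xj[1], variables(phi) | variables(t) | {x, xj})
        return (tag, n, xk, subst_raw(subst_raw(phi, xk, xj), t, x))
    if tag == 10:                                 # clause 9
        return (10, subst_raw(obj[1], t, x))
    if tag == 11:
        return (11, subst_raw(obj[1], t, x), subst_raw(obj[2], t, x))
    raise ValueError(f"not a coded term or formula: {obj!r}")


def substitute(obj, t, x):
    """obj[t/x], enforcing that x is a variable and t has the type of x."""
    if x[0] != 0:
        raise ValueError("x must be a variable (0, m, n)")
    if type_of(t) != x[1]:
        raise ValueError("t and x must have the same type")
    return subst_raw(obj, t, x)


X0, X1, X2 = (0, 0, 0), (0, 0, 1), (0, 0, 2)      # type 0 variables
# Constructed input: (Q_0 x1 . x0 R_1 x1), read "there is x1 with x0 = x1".
EXISTS_EQ = (8, 0, X1, (3, 1, X0, X1))

if __name__ == "__main__":
    # Putting x1 for x0 must not let the quantifier capture the new x1.
    print(substitute(EXISTS_EQ, X1, X0))
```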

Our formulation of syntax differs from usual formulations in defining a single universal formal language, which is specifically adapted to the needs of type theory, though it can also be used for single-sorted first order theories. The adaptation to first-order theories is straightforward: simply do not use variables of type other than zero or the singleton or union operations. The language would need to be extended for more complicated multi-sorted theories (more complicated type theories): we will not discuss this. The language could be extended with $n$-ary predicate and function symbols for $n > 2$, of course. It can obviously be cut down by specifying limited collections of constants, unary and binary predicate symbols, and unary and binary function symbols.

5.3.1 Exercises 

1. Using the definitions of formal syntax above, write out the mathematical object coding the formula


(Vx^dx^-xf -^2 %l))- 


2. What is the term or formula coded by 

(8, 1,(0, 0,1), (3, 2, (0,0,1), (1,0,1)))? 

3. Formalize the process of substituting $2 + 3$ for $x$ in the sentence $(x + y) + z = x + (y + z)$, starting with the formal expression

$((x + y) + z = x + (y + z))[(2 + 3)/x]$

and proceeding agonizing step by agonizing step as I did in class. In words, this means “replace $x$ with $2 + 3$ in the expression $(x + y) + z = x + (y + z)$” and should give just the result you expect. But anyone doing formal syntax should expand something like that once (grin).

4. The expression $(\forall x : (\forall y : c(x + y) = cx + cy))$ is true of course. Suppose we replace $c$ with $y$. Then we might think we are saying $(\forall x : (\forall y : y(x + y) = yx + yy))$, that is, $(\forall x : (\forall y : y(x + y) = yx + y^2))$. Now certainly this is true, but it is not really the statement which I mean when I say to replace $c$ with $y$ in the original statement. Can you see why not? What would the official result of this substitution look like (you do not need to write formal expansions, just write out the intended sentence, using whatever choice of variables seems reasonable)?
5.4 Formalization of Reference and Satisfaction

In this section we define the notions of meaning and truth. That is, given 
an interpretation of the nonlogical symbols of our language, we show how to 
formally define the referent of each term and the truth value of each formula, 
mod assignments of values to all variables. 

We first need to set the stage. A domain of objects is needed to support our interpretation. In fact, we supply a sequence $D_n$ of domains, one for each $n \in \mathbb{N}$, with $D_n$ intended to be the collection of type $n$ objects.

Note that all the sets $D_n$ are actually of the same type in the sense of our working type theory. If we restrict our language to the first-order as indicated above, we only need a single domain $D$. We will use $M$ to represent the type of the elements of $D_n$ (the type of the objects that terms of our language stand for). We will stipulate that the terms of our language are also of type $M$. It follows that each of the domains $D_n$ is of type $M + 1$ and the sequence $D$ is of type $M + 2$ (a map sending type $M + 1$ natural numbers to type $M + 1$ sets).

We associate a value $a^n_i \in D_n$ with each constant $a^n_i$. With each unary predicate $P_i$ we associate a set $P^n_i \subseteq D_n$ for each $n$ (because our language is typically ambiguous we need an interpretation of each predicate over each type). With each binary relation symbol $R_i$ we associate a set $R^n_i \subseteq D_n \times D_n$ for each $n$. Similarly each unary function symbol $F_i$ is associated with functions $F^n_i : D_n \to D_n$, and each binary operation symbol $O_i$ with functions $O^n_i : D_n^2 \to D_n$. An injective map $\iota_{n+1} : D_n \to D_{n+1}$ is provided for each $n$, and a map $\bigcup_n : D_{n+1} \to D_n$ with the property $\bigcup_n(\iota_{n+1}(x)) = x$ for each $x \in D_n$. We define $\iota_{n,k}$ as the identity map on $D_n$ if $n = k$ and for $n < k$ define $\iota_{n,k}$ as $\iota_k \circ \iota_{n,k-1}$: the operation $\iota_{n,k}$ implements the representation of $(k - n)$-fold singletons of type $n$ objects. We define $\bigcup_{n,k}$ as the identity map on $D_n$ if $n = k$ and for $n > k$ define $\bigcup_{n,k}$ as $\bigcup_k \circ \bigcup_{n,k+1}$: the operation $\bigcup_{n,k}$ implements the representation of $(n - k)$-fold unions of type $n$ objects. It is useful to note that I have indexed these operations so that the index (the second one, if there are two) is the object language type of the output. (The existence of these latter maps imposes requirements on the sequence of sets $D_n$: the sets in the sequence must be of increasing size). To support the Hilbert symbol we provide a function $H_n$ from nonempty subsets of $D_n$ for each $n$: $H_n(A) \in 1$ for all $A$; if $A \subseteq D_n$, then $H_n(A) \subseteq A$ if $A \neq \emptyset$; $H_n(\emptyset)$ is defined and belongs to $\iota``D_n$ but is otherwise unspecified.

A structure for our formal language is determined by a map $D$ sending a possibly proper initial segment of the natural numbers to domains $D_n$, “singleton” and “union” maps $\iota_{n+1} : D_n \to D_{n+1}$ and $\bigcup_n : D_{n+1} \to D_n$ as above, modified choice functions $H_n$ as above (if the Hilbert symbol is to be used), and some partial functions implementing constants, predicates and functions as indicated above: where $m, n$ are natural numbers, $A(m, n)$ will be the element $a^m_n$ of $D_m$ used as the referent of $a^m_n$, $P(m, n)$ will be the subset $P^m_n$ of $D_m$ intended to be the extension of the predicate $P_n$ in type $m$, $R(m, n)$ will be the subset $R^m_n$ of $D_m \times D_m$ intended to be the extension of the logical relation $R_n$, $F(m, n)$ is the element $F^m_n$ of $D_m^{D_m}$ (recall that $B^A$ is the set of functions from $A$ to $B$) representing the action of the function symbol $F_n$ in type $m$, and $O(m, n)$ is the element $O^m_n$ of $D_m^{D_m \times D_m}$ representing the action of the operation symbol $O_n$ in type $m$. The length of the domain sequence and the domain of the partial function determine the subset of our universal language which is used in the obvious way.

The binding constructions used in the discussion which follows are limited. The only term construction binding propositions we provide is the Hilbert symbol $(\epsilon x.\phi[x])$ which may be read “an $x$ such that $\phi[x]$ if there is one (chosen in an unspecified manner if there are more than one) or a default object if there is no such $x$”. All definable term binding constructions (including the set builder notation) can be defined in terms of the Hilbert operator. The only quantifiers we provide are the usual ones (which can in fact also be defined in terms of the Hilbert operator!). It is not difficult to extend the discussion to general binders, but it would further complicate already very elaborate recursive definitions.

A possibly partial function $E$ on variables such that $E(x^n_i) \in D_n$ for
each variable $x^n_i$ in the domain of $E$ is called an environment. If $E$ is an
environment we define $E[d/x^n_i]$ as the environment which sends $x^n_i$ to $d$ and
agrees with $E$ everywhere else (this may be an extension of $E$ if $E$ is not
defined at $x^n_i$). Notice that each environment is an object of type $M + 1$.
[If we restricted ourselves to finite partial functions as environments, it is
possible to use type $M$ objects built with ordered pairing.]

We will now recursively define functions $\mathcal R$ and $\mathcal V$ (named with “reference”
and “valuation” in mind). These functions take two arguments, an environment
and a term: strictly speaking, because of typing, they need to be type
$M + 2$ functions taking an environment and the singleton of a term as
arguments. They are partial functions: they are sometimes undefined. Strictly
speaking, these functions are defined relative to a structure and would be
written $\mathcal R_S$ and $\mathcal V_S$ if we wanted to explicitly specify a structure $S$ we were
working with. We use the informal notation $a^n_i$ for $A(n,i)$, $P^n_i$ for $P(n,i)$,
and so forth. The domains of these functions are restricted to the language
appropriate to the structure (and further restricted depending on the extent
to which $E$ is partial).

We define $\chi(\phi)$ as 1 if $\phi$ is true and 0 if $\phi$ is false. Note that $\chi$ is a
truly weird operation taking a sentence of our metalanguage to a number;
all uses of this device can actually be eliminated, but it is a convenience. It
is possible to define $\chi(\phi)$ quite honestly, as $\{x \mid (\phi \wedge x \in 1) \vee (\neg\phi \wedge x \in 0)\}$.

Now for the horrible recursive definition.


1. $\mathcal R(E, x^n_i) = E(x^n_i)$ (if this is defined).

2. $\mathcal R(E, a^n_i) = A(n,i)$.

3. $\mathcal R(E, F_i(t))$ is defined as $F(n,i)(\mathcal R(E,t))$, where $n$ is the type of $t$ (as
long as $\mathcal R(E,t)$ is defined).

4. $\mathcal R(E, \iota^k(t))$ is defined as $\iota_{n,n+k}(\mathcal R(E,t))$, where $n$ is the type of $t$, as
long as the embedded reference is defined.

5. $\mathcal R(E, \bigcup^k(t))$ is defined as $\bigcup_{n,n-k}(\mathcal R(E,t))$, where $n$ is the type of $t$, as
long as the embedded reference is defined.

6. $\mathcal R(E, u\,O_i\,v)$ is defined as $O(n,i)(\mathcal R(E,u), \mathcal R(E,v))$ just in case $\mathcal R(E,u)$
and $\mathcal R(E,v)$ are defined and $u$ and $v$ have the same type $n$.

7. $\mathcal V(E, P_i(u))$ is defined as $\chi(\mathcal R(E,u) \in P(n,i))$, where $n$ is the type of
$u$, as long as the embedded reference is defined.

8. $\mathcal V(E, u\,R_i\,v)$ is defined as $\chi(\langle \mathcal R(E,u), \mathcal R(E,v)\rangle \in R(n,i))$, as long as
the embedded references are defined and $u$ and $v$ have the same type
$n$.

9. $\mathcal V(E, \neg\phi)$ is defined as $\chi(\neg(\mathcal V(E,\phi) = 1))$, and $\mathcal V(E, \phi \vee \psi)$ is defined
as $\chi(\mathcal V(E,\phi) = 1 \vee \mathcal V(E,\psi) = 1)$, as long as the embedded valuations
are defined.

10. $\mathcal V(E, (Qx^n_i.\phi))$ is defined as $\chi((Qd \in D_n.\mathcal V(E[d/x^n_i],\phi) = 1))$, where $Q$
is either $\exists$ or $\forall$, as long as the embedded valuation is defined. Please
notice that the quantifiers on the left side of the definition are in quotes
and on the outside are real quantifiers of our metalanguage (restricted
to the appropriate $D_n$).

11. $\mathcal R(E, (\epsilon x^n_i.\phi))$ is defined as the sole element of $H_n(\{d \in D_n \mid \mathcal V(E[d/x^n_i], \phi) = 1\})$
if the valuation is defined.

Notice as with substitution that the reference and valuation functions are
defined recursively. Reference and valuation for a particular term or formula
may appeal to reference or valuation for another formula or term, but always
a strictly shorter one.

Although our language is restricted for convenience in framing these definitions,
the full language of type theory is supported with suitable definitions.
If equality and subset relations are primitive, we define $x \in y$ as $\iota(x) \subseteq y$,
$\phi \to \psi$ as $\neg\phi \vee \psi$, $\phi \wedge \psi$ as $\neg(\neg\phi \vee \neg\psi)$, $\phi \leftrightarrow \psi$ as $(\phi \to \psi) \wedge (\psi \to \phi)$, and

$\{x \mid \phi\}$ as $(\epsilon A.(\forall x.x \in A \leftrightarrow \phi))$.
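
The recursive clauses for reference and valuation can be run directly on a finite structure. The following is an added example, not code from these notes: it restricts to a single type (so the clauses for the singleton and union maps are omitted), encodes terms and formulas as tuples, lets `H` return the chosen element rather than its singleton, and uses a constructed structure `S`; all of these names and encodings are assumptions of the example.

```python
# Added example (not from the notes): reference and valuation over ONE finite type.
# Terms:    ("var", i) ("const", i) ("fn", i, t) ("op", i, u, v) ("eps", i, phi)
# Formulas: ("pred", i, u) ("rel", i, u, v) ("not", p) ("or", p, q)
#           ("exists", i, p) ("forall", i, p)
# An environment E is a dict {variable index: element}; None means "undefined".

def ref(S, E, t):
    """Reference of term t in environment E, or None where undefined."""
    kind = t[0]
    if kind == "var":                       # clause 1: E(x_i), if defined
        return E.get(t[1])
    if kind == "const":                     # clause 2: A(i)
        return S["A"].get(t[1])
    if kind == "fn":                        # clause 3: F(i) applied to the referent
        a = ref(S, E, t[2])
        return None if a is None else S["F"].get(t[1], {}).get(a)
    if kind == "op":                        # clause 6: O(i) applied to both referents
        a, b = ref(S, E, t[2]), ref(S, E, t[3])
        if a is None or b is None:
            return None
        return S["O"].get(t[1], {}).get((a, b))
    if kind == "eps":                       # clause 11: choice from the witness set
        vals = {d: val(S, {**E, t[1]: d}, t[2]) for d in S["D"]}
        if None in vals.values():
            return None
        return S["H"](frozenset(d for d, v in vals.items() if v == 1))
    raise ValueError(f"not a term: {t!r}")

def val(S, E, p):
    """Valuation of formula p in environment E: 1, 0, or None where undefined."""
    kind = p[0]
    if kind == "pred":                      # clause 7
        a, ext = ref(S, E, p[2]), S["P"].get(p[1])
        return None if a is None or ext is None else int(a in ext)
    if kind == "rel":                       # clause 8
        a, b, ext = ref(S, E, p[2]), ref(S, E, p[3]), S["R"].get(p[1])
        if a is None or b is None or ext is None:
            return None
        return int((a, b) in ext)
    if kind == "not":                       # clause 9, negation
        v = val(S, E, p[1])
        return None if v is None else 1 - v
    if kind == "or":                        # clause 9, disjunction
        v, w = val(S, E, p[1]), val(S, E, p[2])
        return None if v is None or w is None else max(v, w)
    if kind in ("exists", "forall"):        # clause 10: a real quantifier over D
        vs = [val(S, {**E, p[1]: d}, p[2]) for d in S["D"]]
        if None in vs:
            return None
        return int(any(vs)) if kind == "exists" else int(all(vs))
    raise ValueError(f"not a formula: {p!r}")

def exists_via_eps(S, E, i, phi):
    """phi evaluated at the Hilbert witness; agrees with ("exists", i, phi)."""
    w = ref(S, E, ("eps", i, phi))
    return None if w is None else val(S, {**E, i: w}, phi)

# Constructed sample structure (an assumption of this example).
D = {0, 1, 2, 3}
S = {
    "D": D,
    "A": {1: 2},                                             # a_1 refers to 2
    "P": {1: {0, 2}},                                        # P_1: the even elements
    "R": {1: {(a, b) for a in D for b in D if a < b}},       # R_1: strict order
    "F": {1: {d: (d + 1) % 4 for d in D}},                   # F_1: successor mod 4
    "O": {1: {(a, b): (a + b) % 4 for a in D for b in D}},   # O_1: addition mod 4
    "H": lambda A: min(A) if A else 0,                       # choice; default 0 on the empty set
}
```

The function `exists_via_eps` illustrates the remark that the existential quantifier is definable from the Hilbert operator: a formula holds of the chosen witness exactly when it holds of something.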

A further technical note is that $\mathcal R_S$ and $\mathcal V_S$ are lateral operations: they
actually take a type $M + 1$ environment and a type $M$ term to a type $M$ term
or truth value. They can of course be transformed into sets by encasing the
second argument and the value produced in singleton brackets, but we will
not do this. We will suppose that we have done this in any context where
we presuppose that we have identified an $\mathcal R_S$ and $\mathcal V_S$ as actual objects of our
type theory.

5.4.1 Exercises


1. Use the definitions of reference and satisfaction to evaluate the following 
expressions, if D 0 = {1,2,3} and the following information about the 
environment and interpretation is given. Notice that we really do not 
need to worry about types in this example. 

$A(0,1) = 3$ (that is, the intended referent of $a^0_1$ is 3).

$P(0,1) = \{1,2\}$

$R(0,1) = \{(1,1), (2,2), (3,3)\}$ (the equality relation).

$E(x^0_n) = 1$ for all $n$ (the environment $E$ assigns every type 0 variable
the value 1).

Show the reasoning behind your evaluation in detail. The intended 
evaluations are quite obvious: the point is to show that the nasty defi- 
nitions in the notes actually get us there, so detail must be seen. This 
is an exercise in step by step unpacking of definitions. 

(a) P(P,a°) 

(b) K(E,4) 

(c) V(E,Pi(a?)) 

(d) V(P,PlK)) 

(e) V(E, x® Pi a?) 

(f) V(E,x 0 2 R lX 0 5 ) 

(g) V(E,( 3x°.x°Pia?)) 

2. Why didn’t we define $\mathcal V(E, (\forall x.\phi))$ as “$\chi$(for all terms $t$, $\mathcal V(E, \phi[t/x]) = 1$)”?
Such a scheme, called “substitutional quantification”, does have fans.
But it is not equivalent to our scheme. Can you see why? Hint: it is
making a very strong assumption about the capabilities of our formal
language.

5.5 Formal Propositional Sequent Calculus

We introduce sequent notation. 

Definition: A sequent is an ordered pair $(\Gamma, \Delta)$ of finite sets of formulas.
We write sequents $\Gamma \vdash \Delta$. The set $\{A\}$ (where $A$ is a formula) is simply
written $A$ in a sequent; the set $\Gamma \cup \{A\}$ is written $\Gamma, A$; notation for
the empty set is omitted.

Definition: A sequent $\Gamma \vdash \Delta$ is valid iff every interpretation under which $\mathcal V$
is defined for all elements of $\Gamma$ and $\Delta$ [we will presume this condition for
all interpretations and sequents hereinafter] and under which $\mathcal V``\Gamma \subseteq \{1\}$
has $1 \in \mathcal V``\Delta$ (every interpretation which makes all statements in
$\Gamma$ true makes some statement in $\Delta$ true).

Lemma: $\Gamma, A \vdash A, \Delta$ is a valid sequent for any formula $A$ and sets $\Gamma$ and
$\Delta$.

Lemma: $\Gamma, \neg A \vdash \Delta$ is a valid sequent iff $\Gamma \vdash A, \Delta$ is a valid sequent.

Lemma: $\Gamma \vdash \neg A, \Delta$ is a valid sequent iff $\Gamma, A \vdash \Delta$ is a valid sequent.

Lemma: $\Gamma, A \vee B \vdash \Delta$ is a valid sequent iff both $\Gamma, A \vdash \Delta$ and $\Gamma, B \vdash \Delta$ are
valid sequents. Note that this is a formalized version of the strategy of
proof by cases.

Lemma: $\Gamma \vdash A \vee B, \Delta$ is a valid sequent iff $\Gamma \vdash A, B, \Delta$ is a valid sequent.

We introduce a weaker notion of valuation appropriate when we are con- 
sidering propositional logic only. 

Definition: A propositional valuation is a partial function $V$ which sends
each formula in its domain to either 0 or 1, and which sends any formula
$\neg\phi$ to $1 - V(\phi)$ and any formula $\phi \vee \psi$ to $V(\phi) + V(\psi) - V(\phi) \cdot V(\psi)$
(in each case iff the valuations of subformulas are defined).

Observation: All valuations in the sense of the previous section are
propositional valuations, but not vice versa.

Definition: A propositionally valid sequent is one in which any
propositional valuation which is defined on all formulas involved and sends all
formulas on the left to 1 sends some formula on the right to 1. Note
that all propositionally valid sequents will be valid, but not vice versa
(a formula which is not propositionally valid may be valid for other
logical reasons).

Observation: All the Lemmas above remain true when “valid” is replaced
with “propositionally valid”.

Theorem: If a sequent is propositionally valid, applications of the rules
above will inevitably show this. If a sequent is not propositionally
valid, applications of the rules above will inevitably reduce the sequent
to a form from which a valuation witnessing its invalidity can be
extracted.

Proof: Any application of the rules above converts a sequent with $n$
disjunctions and negations in it to one or two sequents with $n - 1$ disjunctions
and negations each. So sufficiently many applications of the rules will
convert any sequent into a collection of sequents in which all formulas
are atomic (or quantified), but in any event do not have accessible
disjunctions or negations. If each of these sequents has a formula in
common between its left and right sets, the sequent is valid. If one of
these sequents does not have a formula in common between its left and
right sides, a valuation assigning 1 to each formula on the left and 0 to
each formula on the right witnesses the fact that the original formula
is (propositionally) invalid. The total number of steps will be no more
than $1 + 2 + 4 + \ldots + 2^n = 2^{n+1} - 1$ (which means that proofs of
complex sequents may be impractically large!), because if we start with a
sequent with $n$ connectives and organize our work into steps in which
we apply a single rule to each sequent, at step $k$ we will obtain no more
than $2^k$ formulas of length $n - k$.

So we have given a complete formal account of propositional logic. 
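
The procedure in the proof above can be written out as a short program. This is an added example, not code from these notes: it applies the negation and disjunction lemmas backwards until only atoms remain, and returns either nothing (the sequent is propositionally valid) or the valuation read off a failed leaf. The tuple encoding of formulas and the function names are assumptions of the example.

```python
# Added example (not from the notes): backward proof search with the
# negation and disjunction rules. Atoms are strings; compound formulas are
# ("not", A) and ("or", A, B).

def imp(a, b):
    """A -> B in terms of the primitives: (not A) or B."""
    return ("or", ("not", a), b)

def prove(left, right):
    """Return None if left |- right is propositionally valid, otherwise a
    dict {atom: 0 or 1} read off a failed leaf (a witness of invalidity)."""
    left, right = frozenset(left), frozenset(right)
    if left & right:                                  # axiom: a shared formula
        return None
    for f in left:
        if isinstance(f, tuple):
            rest = left - {f}
            if f[0] == "not":                         # G, not A |- D  iff  G |- A, D
                return prove(rest, right | {f[1]})
            cv = prove(rest | {f[1]}, right)          # G, A or B |- D: both cases
            return cv if cv is not None else prove(rest | {f[2]}, right)
    for f in right:
        if isinstance(f, tuple):
            rest = right - {f}
            if f[0] == "not":                         # G |- not A, D  iff  G, A |- D
                return prove(left | {f[1]}, rest)
            return prove(left, rest | {f[1], f[2]})   # G |- A or B, D  iff  G |- A, B, D
    # Only atoms remain and the two sides are disjoint: left true, right false.
    return {**{a: 1 for a in left}, **{a: 0 for a in right}}

def evaluate(f, v):
    """Propositional valuation extending v (atoms missing from v count as 0)."""
    if isinstance(f, str):
        return v.get(f, 0)
    if f[0] == "not":
        return 1 - evaluate(f[1], v)
    a, b = evaluate(f[1], v), evaluate(f[2], v)
    return a + b - a * b

def refutes(v, left, right):
    """True if v sends every formula on the left to 1 and every one on the right to 0."""
    return (all(evaluate(f, v) == 1 for f in left)
            and all(evaluate(f, v) == 0 for f in right))
```

A leaf valuation may leave some atoms of the original sequent unassigned (a disjunct discarded in a left-disjunction branch); any extension still refutes the sequent, which is why `evaluate` can default them to 0.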

It is worth noting that a form of the rules above can be given in which all
sequents have the empty set or a singleton set on the right. Many readers will
be comfortable with many premisses but only a single intended conclusion
(the case of the empty set represents the goal of a contradiction). This can
be done purely mechanically: apply the rules in the forms given above, then,
if there is more than one formula on the right, convert all but one of them
to their negations and move them to the left. In the case of the negation
rule, move the original conclusion to the left; in the case of the right rule for
disjunction, move the second disjunct to the left. The theorem still holds.

The given rules can be used to derive rules for the other propositional 
connectives. These resemble the proof strategies that we have developed 
in the section on Proof, with the notable exception that the left rule for 
implication seems different (although it does support the modus ponens and 
modus tollens strategies we expect). The resemblance of the sequent rules to
our proof strategies is clearer in the single-conclusion forms (though the left 
rule for implication remains eccentric). 

We can present sequent proofs as mathematical objects. 

Definition: An axiom (a sequent with nonempty intersection between the 
left and right side) is a proof of its own validity. 

If the validity of sequent A follows from the validity of sequent B by 
an application of a sequent rule, and C is a proof of B, then (A, C) is 
a proof of A. 

If the validity of sequent A follows from the validity of sequents B and
C by an application of a sequent rule, and D is a proof of B and E is
a proof of C, then (A, (D, E)) is a proof of A.

Being an instance of one of the sequent rules is mathematically defin- 
able, so the notion of being a sequent proof is mathematically definable 
(the class of sequent proofs is the smallest class with the closure con- 
ditions just described). 

Note that the addition of more sequent rules will cause only minor 
adjustments to this definition. 

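A sequent is provable if there is a proof of it. A sentence $\phi$ is provable
iff the sequent $\vdash \phi$ is provable.

We give the propositional sequent rules in a useful format. In each entry,
the validity of the sequent below the line is equivalent to all the sequents
above the line being valid.

$$\Gamma, A \vdash A, \Delta$$

$$\frac{\Gamma \vdash A, \Delta}{\Gamma, \neg A \vdash \Delta}$$

$$\frac{\Gamma, A, B \vdash \Delta}{\Gamma, A \wedge B \vdash \Delta}$$

$$\frac{\Gamma, A \vdash \Delta \qquad \Gamma, B \vdash \Delta}{\Gamma, A \vee B \vdash \Delta}$$

$$\frac{\Gamma \vdash A, \Delta \qquad \Gamma, B \vdash \Delta}{\Gamma, A \to B \vdash \Delta}$$

$$\frac{\Gamma, A \to B, B \to A \vdash \Delta}{\Gamma, A \leftrightarrow B \vdash \Delta}$$

$$\frac{\Gamma, A \vdash \Delta}{\Gamma \vdash \neg A, \Delta}$$

$$\frac{\Gamma \vdash A, B, \Delta}{\Gamma \vdash A \vee B, \Delta}$$

$$\frac{\Gamma \vdash A, \Delta \qquad \Gamma \vdash B, \Delta}{\Gamma \vdash A \wedge B, \Delta}$$

$$\frac{\Gamma, A \vdash B, \Delta}{\Gamma \vdash A \to B, \Delta}$$

$$\frac{\Gamma, A \vdash B, \Delta \qquad \Gamma, B \vdash A, \Delta}{\Gamma \vdash A \leftrightarrow B, \Delta}$$

5.6 Formal First-Order Sequent Calculus: the Completeness, Compactness and Löwenheim-Skolem Theorems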

For first-order reasoning, we need to introduce sequent rules for quantifica- 
tion. 

Lemma (Cut Rule): $\Gamma \vdash \Delta$ is valid iff $\Gamma, A \vdash \Delta$ and $\Gamma \vdash A, \Delta$ are both
valid.

This may seem like a purely propositional rule, though we did not need it
in the previous section. As we will see in a later subsection, we do not need
it here either, but it is very convenient.

We give the sequent rules for quantifiers (and the Hilbert symbol). 

Lemma: $\Gamma, (\exists x.\phi[x]) \vdash \Delta$ is valid iff $\Gamma, \phi[a] \vdash \Delta$ is valid, where $a$ is a
constant which does not appear in the first sequent.

Lemma: $\Gamma \vdash (\forall x.\phi[x]), \Delta$ is valid iff $\Gamma \vdash \phi[a], \Delta$ is valid, where $a$ is a
constant which does not appear in the first sequent.

Lemma: $\Gamma \vdash (\exists x.\phi[x]), \Delta$ is valid iff $\Gamma \vdash \phi[t], (\exists x.\phi[x]), \Delta$ is valid, where $t$
is any term.

Lemma: $\Gamma, (\forall x.\phi[x]) \vdash \Delta$ is valid iff $\Gamma, (\forall x.\phi[x]), \phi[t] \vdash \Delta$ is valid, where $t$
is any term.

The sequent rules for equality are the following.

Lemma: Any sequent of the form $\Gamma \vdash t = t, \Delta$ is valid. We take these as
axioms.

Lemma: $\Gamma, t = u \vdash \phi[t], \Delta$ is valid iff $\Gamma, t = u \vdash \phi[u], \Delta$ is valid.

Here are the rules for the Hilbert symbol.

Lemma: For any term $t$, $\Gamma \vdash \Delta$ is valid iff $\Gamma, \phi[(\epsilon x.\phi)/x] \vdash \Delta$ is valid and
$\Gamma \vdash \phi[t/x], \Delta$ is valid. If the existential quantifier is defined in terms of
the Hilbert symbol, its rule can be derived from this rule (and the rule
for the universal quantifier from the rule for the existential quantifier).
Note that the Cut Rule is actually a special case of this rule.

Lemma: $\Gamma, \phi[(\epsilon x.\psi[x])/x], (\forall x.\psi[x] \leftrightarrow \chi[x]) \vdash \phi[(\epsilon x.\chi[x])/x], \Delta$.

Here is a lemma about provability which follows from common features 
of all our rules. 

Lemma: If $\Gamma \vdash \Delta$ is provable using our sequent rules then $\Gamma, \Gamma' \vdash \Delta, \Delta'$ is
also provable using our sequent rules for any finite sets $\Gamma', \Delta'$.

These rules correspond precisely to our proof strategies for proof of quan- 
tified goals and use of quantified hypotheses. Our definition of proofs as 
formal objects can be extended to first order logic proofs by adding these 
sequent rules. 

We now prove a constellation of results which show that first order logic 
is complete (any valid sequent can be proved using the rules we have given) 
but also cast some doubt on just how strong first-order logic is. 

Observation: The sets of formal terms and formulas are countably infinite. 
It is obvious that they have countably infinite subsets, so they are not 
finite. A quick way to see that they are just countably infinite is to 
observe that all our objects (formulas, terms, sequents, and proofs) are 
built from natural numbers by pairing and the construction of finite 
sets, and that finite sets and pairs of natural numbers can be imple- 
mented as natural numbers, as we showed above. So the sets of terms 
and formulas could be understood as infinite sets of natural numbers. 
The formulation we use is advantageous because it is clearly adaptable 
to larger languages (we might for example want uncountably many
constants). This argument also adapts to larger languages: for any set of
an infinite cardinality $\kappa$, objects in the set can be used to code pairs
of objects in the set by the theorem $\kappa^2 = \kappa$ of cardinal arithmetic, so
if we for example have $\kappa$ constants and otherwise the usual finite or
countable complement of symbols we will have formula and term sets
of size $\kappa$.

It is also important to note that the Construction which follows is valid
for restricted languages. Limiting the number of constants, predicates,
functions, relations and/or operators to a finite set does not affect the
construction. Completely eliminating the Hilbert symbol does not
affect the Construction. Using just one type or a finite subset of the
types does not affect the Construction.

Construction: Let $\Gamma$ and $\Delta$ be possibly infinite sets of formulas with the
property that for any finite $\Gamma_0 \subseteq \Gamma$ and $\Delta_0 \subseteq \Delta$, $\Gamma_0 \vdash \Delta_0$ is not
provable, and which are such that infinitely many constants of each
type do not appear in any formula in either of these sets (this is not an
essential limitation: constants $a_i$ used can be replaced with $a_{2i}$ in each
type, freeing up infinitely many constants). Then there is a countably
infinite structure in which each formula in $\Gamma$ and the negation of each
formula in $\Delta$ is satisfied.

For purposes of this proof we use only negation, disjunction, and the 
existential quantifier as logical operations (all the others are definable 
in terms of these and their proof rules are derivable from the rules for 
these and their definitions). 

The fact that the model constructed will be countably infinite will be 
evident, because the elements of the model will be terms. 

We provide an enumeration $F_i$ of all the formulas of our language in
which no bound variable appears free (every bound variable is in the
scope of a quantifier over that variable), and in which shorter formulas
appear before longer formulas.

We define sequences of finite sets of formulas $\Gamma_i$ and $\Delta_i$ which will have
the following properties.

1. Each $\Gamma_i, \Gamma' \vdash \Delta_i, \Delta'$ is not a provable sequent for any finite subsets
$\Gamma', \Delta'$ of $\Gamma, \Delta$ respectively.

2. $\Gamma_i \subseteq \Gamma_{i+1}$; $\Delta_i \subseteq \Delta_{i+1}$

3. Each formula $F_i$ appears in $\Gamma_{i+1} \cup \Delta_{i+1}$

The motivation is that the set $\Gamma_\infty$ which is the union of all the $\Gamma_i$’s
will be the set of true statements of the model to be constructed and
the set $\Delta_\infty$ which is the union of all the $\Delta_i$’s will be the set of false
statements of the model to be constructed.

$\Gamma_0 = \Delta_0 = \emptyset$. The conditions are clearly satisfied so far.

If $\Gamma_i$ and $\Delta_i$ are defined and the conditions are supposed satisfied so
far, we have next to consider where to put $F_i$.

1. If $\Gamma_i, \Gamma' \vdash F_i, \Delta'$ is not provable for any finite subsets $\Gamma', \Delta'$ of $\Gamma, \Delta$
respectively, set $\Gamma_{i+1} = \Gamma_i$ and $\Delta_{i+1} = \Delta_i \cup \{F_i\}$.

2. If $\Gamma_i, \Gamma' \vdash F_i, \Delta'$ is provable for some $\Gamma' \subseteq \Gamma$ and $\Delta' \subseteq \Delta$, then it
cannot be the case for any finite subsets $\Gamma'', \Delta''$ of $\Gamma, \Delta$ respectively
that $\Gamma_i, \Gamma'', F_i \vdash \Delta''$ is provable, as we would then be able to
prove $\Gamma', \Gamma'' \vdash \Delta', \Delta''$ using the Cut Rule. If $F_i$ is not of the form
$(\exists x.\phi[x])$, we define $\Gamma_{i+1}$ as $\Gamma_i \cup \{F_i\}$ and $\Delta_{i+1} = \Delta_i$. If $F_i$ is of
the form $(\exists x.\phi[x])$, let $a$ be the first constant of the same type as $x$
which does not appear in any formula in $\Gamma$, $\Delta$, $\Gamma_i$ or $\Delta_i$, let $\Gamma_{i+1}$ be
defined as $\Gamma_i \cup \{(\exists x.\phi[x]), \phi[a]\}$ and let $\Delta_{i+1}$ be defined as $\Delta_i$ [an
important alternative is to use the Hilbert symbol $(\epsilon x.\phi[x])$ instead
of $a$]. Note that if $\Gamma_i, (\exists x.\phi[x]), \phi[a], \Gamma' \vdash \Delta_i, \Delta'$ were provable, so
would $\Gamma_i, (\exists x.\phi[x]), \Gamma' \vdash \Delta_i, \Delta'$, and we have already pointed out
that the latter cannot be proved for any subsets $\Gamma', \Delta'$ of $\Gamma, \Delta$
respectively in this case. [If the alternative approach is used, note
that if $\Gamma_i, (\exists x.\phi[x]), \phi[(\epsilon x.\phi[x])/x], \Gamma' \vdash \Delta_i, \Delta'$ were provable, then
$\Gamma_i, (\exists x.\phi[x]), \Gamma' \vdash \Delta_i, \Delta'$ would also be provable].

The discussion shows that the conditions required continue to hold at
each stage of the construction. So the definition succeeds and we obtain sets
$\Gamma_\infty$ and $\Delta_\infty$ whose union is the set of all formulas and whose properties we
now investigate.

We are able to show that the following Lemmas hold. 

Lemma: $\Gamma_\infty$ and $\Delta_\infty$ are disjoint.

Proof: If they had a common element $A$, then some $\Gamma_i$ and $\Delta_i$ would have
that common element, and $\Gamma_i \vdash \Delta_i$ would be an axiom of sequent
calculus.

Lemma: $\Gamma \subseteq \Gamma_\infty$; $\Delta \subseteq \Delta_\infty$

Proof: Consider what happens to $F_i$ in either of these sets at the appropriate
stage of the Construction.

Lemma: $\neg\phi \in \Gamma_\infty \leftrightarrow \phi \in \Delta_\infty$; equivalently, $\neg\phi \in \Gamma_\infty$ iff $\phi$ is not in $\Gamma_\infty$.

Proof: Otherwise for some $i$, $\Gamma_i$ would contain both $\phi$ and $\neg\phi$ or $\Delta_i$ would
contain both $\phi$ and $\neg\phi$. In either case $\Gamma_i \vdash \Delta_i$ would be provable.

Lemma: $\phi \vee \psi \in \Gamma_\infty$ iff either $\phi \in \Gamma_\infty$ or $\psi \in \Gamma_\infty$.

Proof: Otherwise we would either have $\phi \vee \psi$ in $\Gamma_\infty$ and both $\phi$ and $\psi$ in
$\Delta_\infty$, in which case

$\Gamma_i \vdash \Delta_i$

for some $i$ would take the form $\Gamma_i, \phi \vee \psi \vdash \phi, \psi, \Delta_i$, which would be
provable, or we would have $\phi \vee \psi \in \Delta_\infty$ and either $\phi \in \Gamma_\infty$ or $\psi \in \Gamma_\infty$,
and thus some $\Gamma_i \vdash \Delta_i$ would take one of the forms

$\Gamma_i, \phi \vdash \phi \vee \psi, \Delta_i$

or

$\Gamma_i, \psi \vdash \phi \vee \psi, \Delta_i$,

both of which are provable.

Lemma: $(\exists x.\phi[x]) \in \Gamma_\infty$ iff there is a term $t$ such that $\phi[t] \in \Gamma_\infty$.

Proof: If $(\exists x.\phi[x]) = F_i$ and $(\exists x.\phi[x]) \in \Gamma_\infty$ then some $\phi[a]$ is also in $\Gamma_\infty$ by
a specific provision of the construction. If $(\exists x.\phi[x]) \in \Delta_\infty$ and there is
some $\phi[t] \in \Gamma_\infty$, then some $\Gamma_i \vdash \Delta_i$ takes the form

$\Gamma_i, \phi[t] \vdash (\exists x.\phi[x]), \Delta_i$

and this is provable.

Lemma: $t = t \in \Gamma_\infty$ for any term $t$. If $t = u \in \Gamma_\infty$ and $\phi[t] \in \Gamma_\infty$ then
$\phi[u] \in \Gamma_\infty$.

Proof: Immediate from the form of the sequent rules for equality.

Lemma: The relation $=_n$ on terms of type $n$ which holds between terms $t$
and $u$ of type $n$ just in case $t = u \in \Gamma_\infty$ is an equivalence relation.

Proof: $t = u \vdash u = t$ and $t = u, u = v \vdash t = v$ are provable.

Lemma: For any term $t$, if $\phi[t/x] \in \Gamma_\infty$ then $\phi[(\epsilon x.\phi[x])/x] \in \Gamma_\infty$.

Proof: $\phi[t/x] \vdash \phi[(\epsilon x.\phi[x])/x]$ is provable.

Lemma: If $(\forall x.\phi[x] \leftrightarrow \psi[x]) \in \Gamma_\infty$ then $(\epsilon x.\phi[x]) = (\epsilon x.\psi[x]) \in \Gamma_\infty$.

Now we can define the interpretation of our language that we want. The
elements of $D_n$ are the terms of type $n$ in our language. $a^n_i$ is actually defined
as $a^n_i$ (each constant is its own referent). $F^n_i$ is the map which sends each
type $n$ term $t$ to the term $F_i(t)$. $O^n_i$ sends each pair of type $n$ terms $(t,u)$ to
the term $t\,O_i\,u$. $P^n_i$ is the set of all terms $t$ of type $n$ such that $P_i(t) \in \Gamma_\infty$.
$R^n_i$ is the set of all pairs of type $n$ terms $(t,u)$ such that $t\,R_i\,u \in \Gamma_\infty$. The
functions $H_n$ are chosen so that $H_n(\{t \mid \phi[t/x] \in \Gamma_\infty\})$ is the formal term
$(\epsilon x.\phi)$.

The idea here is that we construct a model in which each term is taken to
represent itself. The atomic formulas are evaluated in a way consistent with
the idea that $\phi \in \Gamma_\infty$ simply means “$\phi$ is true in the term model”, and the
lemmas above show that complex terms and formulas are evaluated exactly
as they should be for this to work. We conclude that for each formula $\phi \in \Gamma$,
$\phi$ is satisfied in the term model, and for each formula $\phi \in \Delta$, $\phi$ is not satisfied
($\neg\phi$ is satisfied) in the term model.

Definition: For any environment $E$ whose range consists of closed terms and
term or proposition $T$, we define $T[E]$ as $T[E(x_1)/x_1][E(x_2)/x_2] \ldots [E(x_n)/x_n]$
where $n$ is the largest index of a variable which occurs free in $T$.

Theorem: In the interpretation of our language just described, $\mathcal V(E,\phi) = 1 \leftrightarrow \phi[E] \in \Gamma_\infty$
for each formal sentence $\phi$, and $\mathcal R(E,t) = t[E]$ for each
formal term $t$.

Indication of Proof: This is proved by induction on the structure of formal 
terms and propositions. The Lemmas above provide the key steps. 





The following theorems follow from considering the Construction and 
following Theorem. 

Completeness Theorem: Any valid sequent has a proof. 

Proof: This is equivalent to the assertion that any sequent which is not
provable is invalid. A sequent $\Gamma \vdash \Delta$ is invalid precisely if there is an
interpretation of the language under which $\Gamma$ consists entirely of true
statements and $\Delta$ consists entirely of false statements. The Construction
shows us how to do this for any sequent which cannot be proved.

Definition: A collection T of sentences is consistent iff there is an interpre- 
tation under which all of them are true. 

Compactness Theorem: Any collection of sentences any finite subcollec- 
tion of which is consistent is consistent. 

Proof: Let $\Gamma$ be a collection of sentences any finite subcollection of which
is consistent. This implies that $\Gamma_0 \vdash \emptyset$ is invalid for each finite $\Gamma_0 \subseteq \Gamma$.
This means that $\Gamma \vdash \emptyset$ satisfies the conditions of the Construction so
there is an interpretation in a term model under which all the sentences
in $\Gamma$ are true.

Löwenheim-Skolem Theorem: Any consistent set of sentences has a
finite or countable model. If it has models of every finite size it has an
infinite model.

Proof: Any consistent set of sentences satisfies the conditions of the
Construction, and so has a term model, which is countable (or finite). If the
theory has models of every finite size, it is consistent with the theory
resulting if we adjoin new constants $a_i$ indexed by the natural numbers
with axioms $a_i \neq a_j$ for each $i \neq j$, by Compactness. A model of this
extended theory will of course be infinite.

The relation $=_n$ on $D_n$ implementing $=$ on each type $n$ will not be the
equality relation on $D_n$, but it will be an equivalence relation. We can
convert any model in which equality is represented by a nontrivial equivalence
relation into one in which the equality relation is represented by the true
equality relation on each type by replacing model elements of type $n$ with
their equivalence classes (or representatives of their equivalence classes) under
$=_n$.

If the logic is extended to support our type theory, equality is definable.
The relation $(\forall z.x \in z \to y \in z)$ provably has the properties of equality
in the presence of the axiom of comprehension. Unfortunately, as we will
see in the next section, full type theory does not satisfy the Completeness
Theorem.

Although the set-theoretical definition of the Hilbert symbol involves 
Choice (and if we add type theory as part of our logic without some care, 
the properties of the Hilbert symbol will imply Choice) the Hilbert symbol 
adds no strength to first-order logic. If we have any theory not using the 
Hilbert symbol, we can use the Construction (without Hilbert symbols) to 
build an interpretation of the language of the theory in which all sentences 
are evaluated, and then (since the domain of this interpretation is
countable), add the order $t \leq u$ on terms defined by “the first term equal to $t$
in the interpretation appears no later than the first term equal to $u$ in the
interpretation in a given fixed order on terms”. Then define $(\epsilon x.\phi[x])$ as the
first object in this order such that $\phi$. The definition of $\leq$ extends to the new
Hilbert terms, and all formulas involving the defined Hilbert symbol have
valuations determined in the interpretation.

The alternative version of the Construction in which existential state- 
ments are witnessed by Hilbert symbols instead of new constants has the 
immediate merit that one does not need infinitely many free constants and 
the additional merit that every object in the term model is definable from 
the basic concepts of the theory (in the original version of the Construction, 
the witnesses have an anonymous quality). 

If our language is made larger by providing an uncountable collection of
constants, predicates, and/or function symbols, say of uncountable size $\kappa$,
the Construction still works, with the modification that “$\Gamma \vdash \Delta$ is provable”
should systematically be read “for some finite $\Gamma_0 \subseteq \Gamma$ and $\Delta_0 \subseteq \Delta$, $\Gamma_0 \vdash \Delta_0$
is provable”. The difficulty is that the construction will pass through stages
indexed by ordinals, and once $\alpha \geq \omega$ we will have $\Gamma_\alpha$ and $\Delta_\alpha$ infinite sets.
Note that we are not talking here about modifications which would make
terms or formulas of the language themselves into infinite objects (such as
infinite conjunctions or disjunctions). The Compactness Theorem is thus
seen to hold for languages of all sizes, and likewise the Löwenheim-Skolem
Theorem can be extended to assert that any theory with infinite models
has models of each infinite size $\kappa$: to ensure that there are many distinct
objects in a term model, add enough constants $a_\alpha$ with axioms $a_\alpha \neq a_\beta$ for
each $\alpha \neq \beta$. Any finite collection of these new axioms will be consistent
with any theory which has infinite models, and the Construction will give an
interpretation under which all the new constants are distinct.

NOTE (everything to end of section): 

Think about Omitting Types theorem here or later. 

TNT is a nice exercise for this section. Also showing that type theory is 
distinct from Zermelo by showing that there are models of type theory with 
more natural numbers than types. 

Section 6 is soon enough for development of the logic of the set constructor,
but some allowance for the set constructor (and its type regime) should
be added to syntax (which will require changes in my remarks). Add remarks
about single-sorted theories being readily supported here, and more complex
multi-sorted theories possible but not needed.

5.6.1 Exercises


1. Express the axioms of group theory in the language of first order logic
(you do not need types and you do not need to use numerical codings).
Groups are exactly models of this theory. A group is said to
have torsion if there is an element $g$ of the group and a natural number
$n$ such that $g^n$ is the identity element $e$ of the group. A group is
said to be torsion-free if it does not have torsion. Prove that there is
no formula $\phi$ in our formal language for group theory which is true of
exactly the groups with torsion. Hint: use compactness. Suppose that
$\phi$ is a formula which is true in every group with torsion. Consider the
sentences $\tau_n$ which say “there is a $g$ such that $g^n = e$” for each concrete
natural number $n$. Notice (explain) that each of these sentences can
be written in our formal language. Verify that the infinite set of sentences
$\{\phi, \neg\tau_1, \neg\tau_2, \neg\tau_3, \ldots\}$ satisfies the conditions of the Compactness
Theorem (give details). Draw the appropriate conclusion.

Explain why this tells us that $(\exists n \in \mathcal N.g^n = e)$ is not equivalent to any
sentence in our formal language for group theory.

2. The Lowenheim-Skolem Theorem tells us that every theory with a finite 
or countable language has a finite or countable model. Our untyped 
set theory has a countably infinite language, so has countably infinite 
models. 

But in untyped set theory Cantor’s Theorem $|A| < |\mathcal P(A)|$ holds. As
an exercise in porting results from type theory to set theory, write out 
the proof of Cantor’s Theorem in untyped set theory. Hint: you do not 
need to make finicky use of the singleton operator in your argument. 

Finally, if $A$ is an infinite set in a model of untyped set theory, either
$A$ is not countably infinite (in which case we have an uncountable set)
or $A$ is countably infinite and $|A| < |\mathcal P(A)|$, in which case $\mathcal P(A)$ is an
uncountable set (according to the model). Yet the whole model may
be countably infinite, and so certainly any infinite subsets of the model
are countably infinite. Why is this not a contradiction (this argument
is called Skolem’s paradox)? Hint: I’m using what look like the same
words in different senses here; explain exactly how.

5.7 Cut Elimination for First-Order Logic

5.8 Incompleteness and Undefinability of Truth

We say that a term $t$ is closed iff all bound variables appearing in it are
actually bound by some quantifier (or Hilbert symbol). A closed formula in
this sense is a sentence. Each closed term $t$ has a referent which we may
write $\mathcal R(t)$ (the choice of environment will not affect the reference of a closed
term). There are terms ‘$t$’ such that $\mathcal R($‘$t$’$) = t$: ‘$t$’ has as its referent the
formal term $t$ itself. There is a recursive procedure (using our definition of
syntax) which would allow us to define a function which sends every formal
term $t$ to such a formal term ‘$t$’. Similarly we can define a function sending
each formal sentence $p$ (considered as a mathematical object) to a formal
term ‘$p$’ such that $\mathcal R($‘$p$’$) = p$.

An additional convention will make this easier to see: let the operator $O_1$
be reserved to represent the ordered pair, and the constants $a_{2n}$ to represent
the natural numbers $n$. Since all terms are built from natural numbers by
pairing, easy recursive definitions of ‘$t$’ in terms of $t$ and ‘$p$’ in terms of $p$ can
be given.

Now we can prove some quite surprising theorems. 

Gödel’s First Incompleteness Theorem: There is a sentence of our language 
which is true but cannot be proved. 

Proof: Define a predicate G of formulas p as follows: G(p) says “p is a 
formula with one free variable x and p[‘p’/x] is not provable”. We have 
seen in the previous sections that everything here is definable. Let g 
represent the formula G(p) as a mathematical object. G(g) says that g 
is a formula with one free variable (it has one free variable p as you can 
see above) and g[‘g’/p] is not provable. But g[‘g’/p] is the statement 
G(g) itself. If G(g) is true, it cannot be proved. If G(g) is false, it can 
be proved and is therefore true. So G(g) is true but not provable. 

There are some subtleties here if there are unintended objects among 
our proofs (we discussed this possibility for the natural numbers ear- 
lier). The sentence G(g) cannot be provable, as we would then have a 
concrete proof whose existence falsifies what it proves. Suppose that 
G(g) could be decided by being proved false: this would show that 
there is a “proof” of G(g), but that might be an “unintended object” 
that we would never actually find. 

This loophole can be closed by modifying the definition of G (a trick 
due to Rosser). Instead of constructing a statement which asserts its 
own unprovability, construct by the same technique a statement which 
asserts that if it is provable there is a shorter proof of its negation (a 
notion of numerical measure of size of proofs can readily be defined 
recursively). If a concrete proof of this statement were given, there 
would be a proof of its negation which was shorter, and so also concrete. 
If a concrete disproof of this statement were given, then the statement 
would be true (as no shorter statement could be a proof): this would 
make a concrete proof of the statement possible. Whether or not there 
are unintended “proofs” or “disproofs” of this statement, the statement 
must actually be undecidable. 

This theorem applies not only to our type theory but also to bounded 
Zermelo set theory, Zermelo set theory and ZFC (where all our constructions 
can be carried out) and even to arithmetic (our whole formal development 
of the notion of provability can be carried out entirely in arithmetic: all we 
need is a notion of ordered pair definable in arithmetic, and we have shown 
that enough set theory can be defined in arithmetic that Kuratowski pairs 
of natural numbers can be coded as natural numbers). Even our semantics 
can be defined in arithmetic, with the stipulation that environments have to 
be partial functions from variables to domain elements (since they must be 
finite) and domains $D_n$ need to be defined by formulas rather than given as 
sets. 

A corollary of Gödel’s First Incompleteness Theorem is 

Gödel’s Second Incompleteness Theorem: Our type theory (or untyped 
set theory, or arithmetic) cannot prove its own consistency. 

Indication of Proof: The underlying idea is that to prove consistency is to 
prove that some statements cannot be proved. If the Rosser sentence 
can be proved, we can prove that all sentences can be proved (because 
if the Rosser sentence has a proof, so does its negation, and so does 
everything). So if we can prove consistency we must be able to prove 
that the Rosser sentence cannot be proved. But if we can prove that 
the Rosser sentence cannot be proved, then we can prove that the 
Rosser sentence is (vacuously) true (and so we have proved it contrary 
to hypothesis). 

There are problems of level here. To actually prove that all this works 
requires results such as “if we can prove $\phi$, then we can prove that $\phi$ is 
provable,” and some other similar proofs along the same lines. 

We have never found the First Incompleteness Theorem particularly sur- 
prising: there was never any reason to suppose that we could prove everything 
that happens to be true in mathematics. The Second Incompleteness Theo- 
rem is a bit more alarming (we cannot prove that the reasoning techniques 
in our working theory are free from paradox in that theory). The next result 
is quite alarming (and requires more care to understand). 

Tarski’s Theorem: The predicate of formulas p of the language of our type 
theory (or of untyped set theory, or of arithmetic) which asserts that p 
is true cannot be defined in the same theory. 

Proof: Suppose that there is such a definable predicate true. Define T(p) 
as “p is a predicate with one free variable x and ¬true(p[‘p’/x])”. Let t 
be the mathematical object representing T(p). Then T(t) asserts that 
T(t) itself is not true. This is simply impossible. There can be no truth 
predicate (of formal sentences). 

It is easy to misunderstand this. For any statement $\phi$ in our informal 
mathematical language (of whichever theory) we can say “$\phi$ is true”; this 
simply means $\phi$ and has nothing to do with Tarski’s theorem. What we 
cannot do is define a predicate of formal mathematical objects $\Phi$ coding 
sentences $\phi$ of the language of our working theory in such a way that this 
predicate is true of $\Phi$ exactly if the corresponding formula $\phi$ is true in our 
theory. This is quite weird, since the missing predicate can be understood 
as a predicate of natural numbers (in any of these theories, if we construe 
the pair of the formalization of syntax as the pair definable on the natural 
numbers). 

The reader should notice the formal analogy between these results 
(especially Tarski’s Theorem) and Russell’s paradox. Unfortunately here the 
self-application p[‘p’/x] cannot be exorcised as $x \in x$ was by our type 
discipline: the self-application is meaningful so something else has to give. 
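
The self-application p[‘p’/x] used in both proofs can be carried out mechanically. The following is an added illustration, not part of the original text: Python expression strings stand in for formal sentences, string literals for the quotation terms ‘p’, and `provable` and `true` are uninterpreted names chosen for this sketch (the free variable is called x throughout).

```python
import ast

# Constructed stand-ins: formulas are Python expression strings, the free
# variable is the name x, and `provable` / `true` are uninterpreted predicate
# names (assumptions of this example, not part of the text's formal system).

def quote(p: str) -> str:
    """The closed term 'p': a string literal whose referent is p."""
    return repr(p)

def referent(term: str) -> str:
    """R('p') = p: the formula named by a quotation term."""
    return ast.literal_eval(term)

class _Substitute(ast.NodeTransformer):
    """Replace free occurrences of a variable by the quotation of a formula."""
    def __init__(self, var: str, formula: str):
        self.var, self.formula = var, formula

    def visit_Name(self, node: ast.Name) -> ast.AST:
        if node.id == self.var:
            return ast.copy_location(ast.Constant(self.formula), node)
        return node

def diag(p: str, var: str = "x") -> str:
    """p['p'/x]. Occurrences of x inside a quotation are string contents,
    not Name nodes, so they are left alone."""
    tree = _Substitute(var, p).visit(ast.parse(p, mode="eval"))
    return ast.unparse(ast.fix_missing_locations(tree))

def subject(sentence: str) -> str:
    """For a sentence of the shape  not P(diag('...')), evaluate the term
    diag('...') and return the formula the sentence is talking about."""
    predicate_call = ast.parse(sentence, mode="eval").body.operand
    diag_call = predicate_call.args[0]
    return diag(diag_call.args[0].value)

def goedel_sentence() -> str:
    """G(g): g is 'not provable(diag(x))' and the sentence is g['g'/x]."""
    return diag("not provable(diag(x))")

def refute(candidate):
    """Tarski's argument against one candidate truth predicate.
    Returns (liar sentence, the candidate's verdict on it, its actual value
    when `true` is interpreted as that candidate)."""
    liar = diag("not true(diag(x))")
    env = {"__builtins__": {}, "true": candidate, "diag": diag}
    value = eval(liar, env)  # constructed input, evaluated in a bare namespace
    return liar, bool(candidate(liar)), value

if __name__ == "__main__":
    g = goedel_sentence()
    print(g)
    print("talks about itself:", subject(g) == g)
    for name, cand in [("always true", lambda s: True),
                       ("always false", lambda s: False),
                       ("mentions 'not'", lambda s: "not" in s)]:
        liar, verdict, value = refute(cand)
        print(f"{name}: verdict={verdict}, value={value}")
```

Whatever total function is supplied as the candidate, its verdict on the liar sentence is the opposite of the value the sentence takes under that candidate, which is the content of the proof of Tarski’s Theorem above.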

It is important to notice that the problem here is not that our theories 
are too weak. Any theory sufficiently strong in expressive power to describe 
provability (which amounts to having enough arithmetic) has these features. 
It should be noted that stronger theories can prove consistency of weaker 
theories. For example, type theory does prove the consistency of arithmetic 
(because one can build a set model of arithmetic in type theory). 

6 Model Theory 

NOTE: This should all be conducted in type theory. 

6.1 Ultrafilters and Ultrapowers 

Definition: Let $\le$ be a partial order. A nonempty subset F of $\mathrm{fld}(\le)$ is a 
filter in $\le$ iff it has the properties that for every $x, y \in \mathrm{fld}(\le)$ there is 
some z such that $z \le x$ and $z \le y$ and that for every x, y, $x \in F$ and 
$x \le y$ implies $y \in F$. A filter in $\le$ is proper iff it is not the entire field 
of F. A filter in $\ge$ is called an ideal in $\le$. 

Definition: This is a maximally abstract definition of filters and ideals. For 
our purposes in this section, the partial order $\le$ will always be the 
subset relation on $\mathcal{P}(X)$ for some fixed set X. So, for the rest of this 
section, a filter on X is a subset of $\mathcal{P}(X)$ which is a filter in the subset 
relation on $\mathcal{P}(X)$ in the sense just defined. Further, an ultrafilter on 
X is a filter U on X with the property that for each $A \subseteq X$, exactly 
one of A and $X - A$ belongs to U. Note that for each $x \in X$, the set 
$U_x = \{A \in \mathcal{P}(X) \mid x \in A\}$ is an ultrafilter on X; such ultrafilters are 
called principal ultrafilters on X. An ultrafilter on X which is not of 
the form $U_x$ for any $x \in X$ is called a nonprincipal ultrafilter on X. 

Theorem: Let X be an infinite set. Then there is a nonprincipal ultrafilter 
on X. 

Proof: Choose a well-ordering W of $\mathcal{P}(X)$. We define the ultrafilter $U_W$ by 
transfinite recursion. Suppose that we have determined for each $\beta < \alpha$ 
whether $W_\beta \in U_W$. We provide that $W_\alpha \in U_W$ iff $W_\alpha \cap \bigcap_{\beta \in F} W_\beta$ is 
an infinite set for each finite set F of ordinals less than $\alpha$ such that 
$W_\beta \in U_W$ for each $\beta \in F$. Notice that the case $F = \emptyset$ tells us that $W_\alpha$ 
is infinite. 

We verify that $U_W$ is an ultrafilter on X. 

The intersection of any finite subset of $U_W$ is an infinite set: we can 
see this by considering the last element of the finite set in terms of the 
well-ordering $\le$ and applying the definition of $U_W$. A set A fails to 
belong to $U_W$ exactly if there is a finite subcollection F of $U_W$ such 
that the intersection of $F \cup \{A\}$ is finite: clearly if there is such a 
subcollection A is not in $U_W$, and if there is no such subcollection the 
recursive definition will place A in $U_W$. 

We show that if A belongs to $U_W$ and $A \subseteq B$, then B must belong to 
$U_W$: suppose B did not belong to $U_W$; it follows that there is a finite 
subcollection F of $U_W$ such that the intersection of $F \cup \{B\}$ is finite, 
from which it follows that the intersection of $F \cup \{A\}$ is finite, from 
which it follows that A is not an element of $U_W$. We show that if A 
and B belong to $U_W$, there is $C \in U_W$ such that $C \subseteq A$ and $C \subseteq B$: a 
suitable C is $A \cap B$, for which it is clear that any finite subcollection F 
of $U_W$ has the intersection of $F \cup \{A \cap B\}$ infinite because this is equal 
to the intersection of $(F \cup \{A\}) \cup \{B\}$. This verifies that $U_W$ is a filter 
on X. 

It cannot be the case that A and $X - A$ are both in $U_W$ because their 
intersection is not infinite; nor can it be the case that both are not in 
$U_W$, because we would then have finite subsets F and G of $U_W$ with 
the intersection of $F \cup \{A\}$ finite and the intersection of $G \cup \{X - A\}$ 
finite, so all but finitely many of the members of $\bigcap F$ would be outside 
A while all but finitely many of the members of $\bigcap G$ would be in A, so 
$\bigcap (F \cup G)$ would be finite, which is impossible. This verifies that $U_W$ 
is an ultrafilter on X. 

$U_W$ is a nonprincipal ultrafilter because any principal ultrafilter $U_x$ has 
a finite element $\{x\}$. 

Note that the Axiom of Choice is used here (we have actually shown 
that there is a nonprincipal ultrafilter on X if $\mathcal{P}(X)$ can be 
well-ordered). This use of choice is essential: it is consistent with the other 
axioms of type theory or set theory that there is no nonprincipal 
ultrafilter on any infinite set. It is easy to show that any ultrafilter on a 
finite set is principal. 
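
The closing remark about finite sets can be checked by exhaustive search. The following is an added example, not part of the original text; it takes the order to be the subset relation on $\mathcal{P}(X)$ and assumes the lower-bound clause is read as the proof above uses it (any two members of the family have a common lower bound inside the family). All function names are the example's own.

```python
from itertools import combinations

def powerset(X):
    """All subsets of X as frozensets."""
    xs = sorted(X)
    return [frozenset(c) for r in range(len(xs) + 1) for c in combinations(xs, r)]

def upward_closed(F, X):
    """A in F and A a subset of B implies B in F."""
    return all(B in F for A in F for B in powerset(X) if A <= B)

def directed(F):
    """Any two members of F have a common lower bound that is itself in F
    (assumed reading of the filter definition, as used in the proof)."""
    return all(any(C <= A and C <= B for C in F) for A in F for B in F)

def is_filter(F, X):
    return bool(F) and directed(F) and upward_closed(F, X)

def decides_every_set(F, X):
    """Exactly one of A and X - A belongs to F, for every subset A of X."""
    X = frozenset(X)
    return all((A in F) != ((X - A) in F) for A in powerset(X))

def is_ultrafilter(F, X):
    return is_filter(F, X) and decides_every_set(F, X)

def principal(x, X):
    """U_x = {A in P(X) | x in A}."""
    return frozenset(A for A in powerset(X) if x in A)

def ultrafilters(X):
    """Brute force over every nonempty family of subsets of a small finite X."""
    P = powerset(X)
    families = (frozenset(c) for r in range(1, len(P) + 1) for c in combinations(P, r))
    return [F for F in families if is_ultrafilter(F, X)]

def majority(X):
    """Subsets containing more than half of X: a near miss, not a filter."""
    return frozenset(A for A in powerset(X) if 2 * len(A) > len(X))

if __name__ == "__main__":
    X = {1, 2, 3}
    found = ultrafilters(X)
    print(len(found), "ultrafilters on", X)
    print("all principal:", set(found) == {principal(x, X) for x in X})
    M = majority(X)
    print("majority family: upward closed", upward_closed(M, X),
          "| decides every set", decides_every_set(M, X),
          "| filter", is_filter(M, X))
```

The majority family shows why the lower-bound clause is needed: it is upward closed and contains exactly one of A and $X - A$ for every A, yet it is not a filter, and only the three principal families survive the full test.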

Definition: Let X be an infinite set and let U be a nonprincipal ultrafilter 
on X. Let A be any set (not necessarily of the same type as X). 
Let f and g be two maps from X to A (these may be lateral!). We 
define $f \sim_U g$ as holding iff $\{x \mid f(x) = g(x)\} \in U$. It is easy to 
see that $\sim_U$ is an equivalence relation: reflexivity and symmetry are 
trivial, while transitivity follows from the fact that U is a filter: if 
$\{x \mid f(x) = g(x)\} \in U$ and $\{x \mid g(x) = h(x)\} \in U$, then 
$\{x \mid f(x) = g(x) \wedge g(x) = h(x)\} \in U$, being the intersection of two elements of 
U, and its superset $\{x \mid f(x) = h(x)\}$ is also in U. We define $A^U$, 
the ultrapower of A with respect to U, as the collection of equivalence 
classes under $\sim_U$. With each $a \in A$ we associate $a^* \in A^U$, defined 
as the equivalence class under $\sim_U$ of the constant function on X with 
value a. Note that the domain of $\sim_U$ is the collection of functions from 
X to A, and that we have indicated how to define this even if A and 
X are not of the same type. 

Definition: Let X be an infinite set and let U be a nonprincipal ultrafilter 
on X. Let A and B be sets (not necessarily of the same type) and 
let R be a (possibly lateral) relation from A to B. For $[f]$ in $A^U$ and 
$[g]$ in $B^U$, we define $[f] \, R^U \, [g]$ as holding iff $\{x \mid f(x) \, R \, g(x)\} \in U$ (it 
is straightforward to show that this does not depend on the choice of 
the representatives f and g of the elements of $A^U$ and $B^U$). Note that 
$a^* \, R^U \, b^* \leftrightarrow a \, R \, b$. 

Construction: We view $A^U$ as a kind of extension of A, with each element a 
of A corresponding to the element $a^*$ of $A^U$. We are going to define an 
extension of the language we use to talk about A to a language which 
talks about $A^U$. In fact, we are going to carry out such an extension 
for any collection of domains we wish to consider, all at once. 

For any open sentence $\phi(x_1, \ldots, x_n)$ with no free variables other than 
$x_1, \ldots, x_n$, in which each $x_i \in A_i$, we define a sentence $\phi^*([f_1], \ldots, [f_n])$ 
for any fixed $[f_i] \in A_i^U$ as meaning $\{x \mid \phi(f_1(x), \ldots, f_n(x))\} \in U$. 

If $f_i \sim_U g_i$ for each i, then $\phi^*([f_1], \ldots, [f_n])$ asserts that 
$\{x \mid \phi(f_1(x), \ldots, f_n(x))\}$ is an element of U, and, because intersections 
of elements of U are in U, so is 
$\{x \mid \phi(f_1(x), \ldots, f_n(x)) \wedge f_1(x) = g_1(x) \wedge \ldots \wedge f_n(x) = g_n(x)\}$, 
which is a subset of $\{x \mid \phi(g_1(x), \ldots, g_n(x))\}$, so this latter set is in 
U, so $\phi^*([g_1], \ldots, [g_n])$. The argument is completely symmetrical that 
shows that $\phi^*([g_1], \ldots, [g_n])$ implies $\phi^*([f_1], \ldots, [f_n])$, so the choice of 
representatives in our notation for elements of $A_i^U$’s is immaterial. 

We note that if $\phi(x_1, \ldots, x_n)$ is $\neg\psi(x_1, \ldots, x_n)$, then $\phi^*([f_1], \ldots, [f_n])$ 
is equivalent to $\{x \mid \neg\psi(f_1(x), \ldots, f_n(x))\} \in U$, which is equivalent to 
$\{x \mid \psi(f_1(x), \ldots, f_n(x))\} \notin U$, because U is an ultrafilter, which is in 
turn equivalent to $\neg\psi^*([f_1], \ldots, [f_n])$. In other words, the meaning of 
negation in the translated language is what we expect. 

If $\phi(x_1, \ldots, x_n)$ is $\psi(x_{s_1}, \ldots, x_{s_p}) \wedge \chi(x_{t_1}, \ldots, x_{t_q})$, then $\phi^*([f_1], \ldots, [f_n])$ 
is equivalent to $\{x \mid \psi(f_{s_1}(x), \ldots, f_{s_p}(x)) \wedge \chi(f_{t_1}(x), \ldots, f_{t_q}(x))\} \in U$, 
which is equivalent to 
$\{x \mid \psi(f_{s_1}(x), \ldots, f_{s_p}(x))\} \in U \wedge \{x \mid \chi(f_{t_1}(x), \ldots, f_{t_q}(x))\} \in U$, 
because subsets A and B of X both belong to U iff their intersection 
belongs to U, and this is in turn equivalent to 
$\psi^*([f_{s_1}], \ldots, [f_{s_p}]) \wedge \chi^*([f_{t_1}], \ldots, [f_{t_q}])$. In other words, the meaning of 
conjunction in the translated language is what we expect. 

If $\phi(x_1, \ldots, x_n)$ is $(\exists y.\psi(y, x_1, \ldots, x_n))$, then $\phi^*([f_1], \ldots, [f_n])$ is 
equivalent to $\{x \mid (\exists y.\psi(y, f_1(x), \ldots, f_n(x)))\} \in U$. If there is a g such that 
$\{x \mid \psi(g(x), f_1(x), \ldots, f_n(x))\} \in U$, then certainly 
$\{x \mid (\exists y.\psi(y, f_1(x), \ldots, f_n(x)))\} \in U$, because 
$\{x \mid \psi(g(x), f_1(x), \ldots, f_n(x))\} \subseteq \{x \mid (\exists y.\psi(y, f_1(x), \ldots, f_n(x)))\}$. 

Now suppose that $\{x \mid (\exists y.\psi(y, f_1(x), \ldots, f_n(x)))\} \in U$. Define a 
function g such that for each x such that $(\exists y.\psi(y, f_1(x), \ldots, f_n(x)))$ 
we have $\psi(g(x), f_1(x), \ldots, f_n(x))$: this is an application of the 
Axiom of Choice. Now we have 
$\{x \mid \psi(g(x), f_1(x), \ldots, f_n(x))\} = \{x \mid (\exists y.\psi(y, f_1(x), \ldots, f_n(x)))\} \in U$ 
for this particular g. So we have shown 
that $\phi^*([f_1], \ldots, [f_n])$ iff there is a $[g]$ such that $\psi^*([g], [f_1], \ldots, [f_n])$. 

This means that the existential quantifier over any $A_i$ in the base 
language translates to the existential quantifier over $A_i^U$ in the extended 
language (here we moved the quantified argument into first position, 
but it should be clear that we do not really lose any generality by doing 
this). 

Note that if $\phi(x_1, \ldots, x_n)$ is $\psi(a, x_1, \ldots, x_n)$, then $\phi^*([f_1], \ldots, [f_n])$ is 
equivalent to $\{x \mid \psi(a, f_1(x), \ldots, f_n(x))\} \in U$, which is equivalent to 
$\psi^*(a^*, [f_1], \ldots, [f_n])$, which indicates that constants taken from domains 
$A_i$ behave naturally in the extended language. 

In the last two paragraphs, we have done manipulations on the first 
argument of an open sentence which can of course be done on any 
argument; since we can change the indexing of the arguments (and so 
of the domains) of a fixed open sentence it should be clear that we do 
not lose generality. 

Note finally that if $\phi(x_1, \ldots, x_n)$ is true for any assignment of values 
to the $x_i$’s from the appropriate $A_i$’s, then 
$\{x \mid \phi(f_1(x), \ldots, f_n(x))\} = X \in U$ for any choice of $f_i$’s, so 
$\phi^*([f_1], \ldots, [f_n])$ is always true. Translations of general truths about 
the $A_i$’s hold true in the extended language over the $A_i^U$’s. 

6.2 Technical Methods for Consistency and Independence Proofs 

There is a political point to be made here: all of these things can be done 
in type theory, quite naturally, and can thence be exported to NFU without 
reference to the usual set theory. 

6.2.1 Fraenkel-Mostowski Methods; The Independence of Choice 

6.2.2 Constructibility and the Minimal Model of Type Theory 

Build the Forster term model of type theory. Also, prove the consistency of 
CH and GCH (though this might get forced forward after the logic section, 
because there is model theory involved.). 

6.2.3 Forcing and the Independence of CH 

The treatment of constructibility in the previous subsection is precisely that 
in the usual set theory (the fact that all the work is done in Z should make 
this clear). Our treatment of forcing is somewhat different from the treatment 
in the usual set theory: this can be seen from the fact that it handles atoms, 
which the usual techniques do not, and also from the fact that it creates 
atoms. The differences are technical: the basic idea is the same. What we do 
show by this method is that it appears that it is not necessary to do recursion 
along the cumulative hierarchy to do forcing (as is commonly done). 

6.2.4 Generalizing the T operation 

NOTE: this note might better belong somewhere else, but these considera- 
tions are needed here. 

Certain collections, such as the natural numbers, are “the same” in each 
sufficiently high type. This is usually witnessed by a T operation. Some 
collections on which a T operation is defined get larger at each type; these 
are of less interest to us here. 

T operations are defined on cardinals and on ordinals (more generally on 
isomorphism types) already. We point out that if we have defined T 
operations on sets A and B, there is a natural way to define a T operation on 
$\mathcal{P}(A)$ (for $a \subseteq A$, define $T^{\mathcal{P}(A)}(a)$ as $T^A$“$a$), on $B^A$ (so that 
$T^{B^A}(f)(T^A(a)) = T^B(f(a))$), and on $A \times B$ (so that 
$T^{A \times B}((a, b)) = (T^A(a), T^B(b))$). We superscript T operations with their 
intended domains here for precision: we will not usually do this. 

There is a uniform way to define T operations on sets with a certain kind 
of symmetry. 

Definition: We call a bijection $f : V \to V$ a permutation of the universe. 
We use $\Pi$ as a nonce notation for the set of all permutations of the 
universe. Define $j(f)$ so that $j(f)(x) = f$“$x$ for all x ($j(f)$ is undefined 
on sets with urelements as members). Define $j^n(f)$ in the obvious way. 
Further, we define the operation $j^n(\iota)$ similarly (with due respect to 
the fact that $\iota$ is itself a type-raising operation, but the definition works 
formally). A set A is n-symmetric iff $j^n(f)(A) = A$ for all permutations 
of the universe f of the appropriate type. Notice that this implies that 
$A \in \mathcal{P}^n(V)$. We define a T operation on n-symmetric objects A for 
each n: 

$$T(A) = \{ j^{n-1}(f)(j^{n-1}(\iota)(a)) \mid a \in A \wedge f \in \Pi \}.$$

Observation: The generalized T operation here would coincide with all T 
operations defined up to this point, if we used the Kuratowski ordered 
pair, or if we presumed that the type-level ordered pair coincided with 
the Quine ordered pair on sets and restricted all use of pairing to sets 
of sets (as would happen if we assumed strong extensionality) . For 
cardinal numbers are 2-symmetric, isomorphism types are 4-symmetric 
if defined in terms of Kuratowski pairs and 2-symmetric if defined in 
terms of Quine pairs, and the definitions given above for power sets, 
function spaces, and cartesian products will coincide with appropriate 
T operations of this kind on power sets, function spaces and cartesian 
products (taking into account the effect on the degree of symmetry of 
these set constructions). 

6.2.5 Forcing: Basic Definitions 

We fix a definable partial order $\le_P$ with field P which supports a T 
operation with the property that T“($\le_P$) = $\le_P$ (which of course implies 
that T“P = P). This is of course a pun: what is being said is that the 
definition of P with all types raised by one will give the image under 
the T operation of the original partial order P. Such an order P will 
be defined and essentially “the same” structure in all types above a 
certain level. 

The set P will be in some sense the space of “truth values” for the 
forcing interpretation. Each element of $\le_P$ represents an (incomplete) 
“state of information”; the relation $p \le_P q$ tells us that the state of 
information described by q extends the state of information described 
by p (the opposite convention is often used!). If neither $p \le_P q$ nor 
$q \le_P p$, the states of information described by p and q are to be understood 
to be incompatible. 

“The objects of type n” of our forcing interpretation are relations x 
from $V^n$ to P, that is, subsets of $V^n \times P$, with the property that 
$(y, p) \in x \wedge q \ge_P p \to (y, q) \in x$. Notice that the type n objects of the forcing model 
are actually certain type n + 1 objects. The type n + 1 objects which 
will be interpreted as type n objects are called names. Those familiar 
with treatments of forcing in the usual set theory should notice that 
we are not requiring names to be relations from names to elements of 
P: this would introduce a recursion on the type structure, which is 
something always to be avoided in type theory. We will see below how 
difficulties which might be supposed to arise from this freedom in the 
construction of names are avoided. 

The central definition of the forcing interpretation is the definition of a 
notation $p \Vdash \phi$ for formulas $\phi$ of type theory, which is intended to tell 
us when a condition p gives us sufficient information to decide that an 
assertion $\phi$ is true. 

The central theorem of the forcing interpretation will be that $p \Vdash \phi$ 
is true for each axiom $\phi$, that $p \Vdash \phi$ can be deduced from $p \Vdash \psi$ 
whenever $\phi$ can be deduced from $\psi$ by a rule of logic. It will further 
be clear that we cannot prove $\neg(p \Vdash \phi \wedge \neg\phi)$ (unless we can prove 
a contradiction in type theory itself). It is very important to notice 
that this is not metamathematics: $p \Vdash \phi$ is not an assertion about a 
mathematical object ‘$\phi$’ coding the assertion $\phi$ as in the development 
of Gödel’s theorem or Tarski’s theorem, and we are not building a set 
model of type theory (this cannot be done in type theory by those very 
theorems!). Of course we may associate with set models of type theory 
(if there are any) set models of type theory generated by applying a 
forcing interpretation to those set models, and this will be of some 
interest. 

Definition: We define 

$$N_P = \{x \in \mathcal{P}(V \times P) \mid (\forall y.(\forall p \in P.(\forall q \ge_P p.\, (y, p) \in x \to (y, q) \in x)))\}$$

as the set of P-names. We define the notation $p \Vdash \phi$ recursively. 

We suppose all logical operators defined in terms of $\wedge$, $\forall$. 

negation: $p \Vdash \neg\phi$ is defined as $(\forall q \ge_P p.\, \neg(q \Vdash \phi))$. Informally, 
“no matter how much information we add to p, we will not 
verify $\phi$”. 

conjunction: $p \Vdash \phi \wedge \psi$ is defined as $(p \Vdash \phi) \wedge (p \Vdash \psi)$. This 
appears simple enough, but one should note that if one expands 
out the definition of disjunction or implication in terms of the 
given definitions of negation and conjunction one does not get 
this nice distributivity. 

universal quantification: $p \Vdash (\forall x.\phi)$ is defined as 
$(\forall x \in N_P.\, p \Vdash \phi[x/x])$. Again, this definition looks very direct, but it is 
instructive to analyze the expansion of $p \Vdash (\exists x.\phi[x])$. 

pseudo-membership: (this will not be the interpretation of 
membership, for reasons that will become evident, but it makes the 
definition easier): for any x, y, $p \Vdash x \in^* y$ iff 
$y \in N_P \wedge (\forall q \ge_P T^{-1}(p).(\exists r \ge_P q.\, (x, r) \in y))$. Note the necessity of the 
introduction of the T operator so that we have a well-formed 
assertion of type theory. Note also that x here is any object at 
all (of appropriate type) while y is a name of the next higher 
type. 

Pseudo-membership does not officially appear in formulas of 
our language; this notation is used only in the definitions of 
equality and membership for the forcing interpretation. 

equality: Let x and y be names. $p \Vdash x = y$ is defined as 

$$(\forall z.(p \Vdash z \in^* x) \leftrightarrow (p \Vdash z \in^* y)).$$

Names are asserted to be equal as soon as we have enough 
information to see that they have the same pseudo-members. 

sethood: $p \Vdash \mathrm{set}(x)$ is defined as 

$$(\forall y.(p \Vdash y \in^* x) \to y \in N_P \wedge (\forall z.(p \Vdash y = z) \to (p \Vdash z \in^* x))).$$

p says that x is a set iff anything that p thinks is a 
pseudo-element of x is a name and any name that p thinks is equal 
to a pseudo-element of x p also thinks is a pseudo-element 
of x. We will see that under these conditions we can drop the 
“pseudo-”. 

membership: $p \Vdash x \in y$ is defined as $(p \Vdash x \in^* y) \wedge (p \Vdash \mathrm{set}(y))$. 
The idea here is that we convert the names whose 
pseudo-extension does not respect equality to urelements. This is 
how we avoid recursion on type in our definitions (along with 
the fact that we use typically ambiguous partial orders on 
forcing conditions). 

type-shifting convention: Notice that in atomic formulas we 
have p at the same type as the highest type of one of the 
arguments. Hereafter we stipulate $p \Vdash \phi$ iff $T(p) \Vdash \phi$; the 
type of p may freely be shifted. It would otherwise be difficult 
to type conjunctions, and it should be clear that this will 
introduce no conflicts. 

NOTE: in the context of NF(U) this will be clear if the set P 
is strongly cantorian. What can be done (if anything) with 
cantorian partial orders needs to be cleared up [when it is 
cleared up the exact way we proceed here might need to be 
modified] . 


7 Saving the Universe: Stratified Set Theories 

This section concerns a class of untyped set theories which are related to 
type theory (as Zermelo set theory and ZFC also are) but in a different 
way. The first theory of this class was introduced by Quine in his “New 
foundations for mathematical logic” (1937) and so is called NF, which is 
short for “New Foundations” . NF, as we shall see, is a very strange theory 
for rather unexpected reasons. We shall ignore historical precedent and start 
by introducing NFU (New Foundations with urelements), which is much 
more tractable. NFU was shown to be consistent by R. B. Jensen in 1969. 

Most of the theories of this class share the perhaps alarming characteristic 
that they assert the existence of a universal set. 

7.1 Introducing NFU 

The starting point of the line of thought which led Quine to “New Founda- 
tions” but which will lead us first to NFU (due to careful planning) is an 
observation which we have already exploited. The types of our type theory 
are very similar to one another (in terms of what we can prove). We have 
used this observation to avoid cluttering our notation with endless type in- 
dices. We begin by carefully stating the facts already known to us (at least 
implicitly) about this ambiguity of type and considering some extrapolations. 

7.1.1 Typical Ambiguity Examined 

If we suppose that each variable x in the language of our type theory actually 
comes with a type index ($x^n$ is the shape of the typical type n variable), we 
can define an operation on variables: if x is a variable of type n, we define $x^+$ 
as the variable of type n + 1 obtained by incrementing the type index which 
x is supposed to have (though we continue our convention of not expressing 
it). This allows us to define an operation on formulas: if $\phi$ is a formula of the 
language of type theory, we define $\phi^+$ as the result of replacing every variable 
x (free or bound) in $\phi$ with the type-incremented $x^+$. The same operation 
can be applied to terms: $\{x \mid \phi\}^+ = \{x^+ \mid \phi^+\}$, and $(\epsilon x.\phi)^+ = (\epsilon x^+.\phi^+)$. 

Our first observation is that for any formula $\phi$, $\phi^+$ is also a formula, and 
for any term T, $T^+$ is also a formula. The converse is also true. Further, if $\phi$ 
is an axiom, $\phi^+$ is also an axiom (in fact, the converse is also true). Further, 
if $\psi$ can be deduced from $\phi$ by any logical rule, $\psi^+$ can also be deduced 
from $\phi^+$, whence it follows that if $\phi$ is a theorem of type theory, $\phi^+$ is also a 
theorem of type theory. In this case, the converse is not necessarily the case, 
though the converse does hold in TNT. This means that anything we know 
about a particular type (and a number of its successors) is also true in each 
higher type (and a number of its corresponding, appropriately type-shifted 
successors). Further, any object we can construct in type theory has a 
correlate constructed in the same way at each higher type. We have exploited this 
phenomenon, which Whitehead and Russell called “systematic ambiguity” in 
the more complex system of their Principia Mathematica, which most 
workers in the area of NF now call “typical ambiguity”, and which is a rather 
extreme example of what computer scientists call polymorphism, to make it 
almost completely unnecessary to mention specific type indices in the first 
section of this book. 

Quine made a daring proposal in the context of a type theory similar to 
ours (in fact, differing only in the assumption of strong extensionality). He 
suggested that it is not just the case that provable statements are the same 
at each type, but that the same statements are true in each type, and that 
the objects at the different types with correlated definitions do not merely 
serve as the subjects of parallel theorems but are in fact the same objects. 
The theory which results if this proposal is applied to our type theory is an 
untyped set theory, but rather different from the theory of Zermelo developed 
above. 

In this theory we have not a universal set $V^{n+1} = \{x^n \mid x^n = x^n\}$ for each 
n, but a single set $V = \{x \mid x = x\}$. We have already shown that it follows 
from the Axiom of Separation of Zermelo set theory that there can be no 
such set V (whence it follows that if this new theory is coherent it does not 
satisfy the Axiom of Separation). We do not have a $3^{n+1}$ which contains all 
the three-element sets of type n objects, but a single object 3 which is the 
set of all three-element sets. 

We will give the precise definition of this theory in the next section. 
What we will do now is prove a theorem due to Specker which will make the 
connections between various forms of typical ambiguity clearer. For the rest 
of this section, we discuss theories framed in languages in which variables are 
typed and which satisfy the condition that any formula $\phi$ is well-formed 
if and only if $\phi^+$ is well-formed. Further, we require that the language of the 
theory be closed under the basic logical operations familiar to us from above, 
and that whenever the rules allow us to deduce $\phi$ from $\psi$ [neither formula 
mentioning any maximum type] we are also able to deduce $\phi^+$ from $\psi^+$. It 
is required that every context in which a term can occur dictates the type of 
that term exactly. 

We consider the following suite of axioms. 

Ambiguity Scheme: For each sentence $\phi$ (formula with no free variables) 
for which $\phi^+$ is well-formed, $\phi \leftrightarrow \phi^+$. 

With any theory T in typed language, we associate a theory $T^\infty$ whose 
sentences are simply the sentences of T with all type distinctions removed. 
A model of $T^\infty$, if there is one, is a model of the typed theory T in which all 
the types are actually the same. Notice that $T^\infty$ is automatically the same 
as $(T + Amb)^\infty$, where Amb is the ambiguity scheme above, because $Amb^\infty$ 
is a set of tautologies. 

Note that the language of T°° allows things to be said which cannot be 
said in the typed language of T : sentences like a G a are well-formed, and a 
completion of a consistent T°° would assign truth values to such sentences. 

Theorem (Specker) : For any theory in typed language which is well-behaved 
in the ways outlined above, T°° is consistent iff T + Arrib is consistent. 

Proof: It is obvious that the consistency of T°° implies the consistency of 
T + Amb. 

Suppose that $T$ + Amb is consistent. Our goal is to show that $T^\infty$
has a model. We first observe that this is obvious if the language of
$T$ contains the Hilbert symbol (or any construction with equivalent
logical properties). For $T$ + Amb, being consistent, can be extended
to a complete theory, which has a model consisting entirely of closed
terms $T$ built using the Hilbert symbol. We can then identify the term
$T$ with the term $T^+$ for every $T$. No conflict can occur: any assertion
$\phi(T)$ has the same truth value as $\phi^+(T^+)$ (and these identifications and
equivalences can be indefinitely iterated) [and no weird variants such
as $\phi^+(T)$ are meaningful]. The truth value of $\phi(a_1, \ldots, a_n)$ with any
Hilbert symbol arguments $a_i$ however weirdly typed can be established
by raising the type of $\phi$ sufficiently high that the types expected for
its arguments are higher than the types of any of the $a_i$'s, then raising
the types of the arguments $a_i$ to the correct types, then evaluating this
well-typed formula.

To complete the proof we need to show that any typed theory $T$ + Amb
can be extended to include a Hilbert symbol in a way which preserves
the truth of all sentences and allows Amb to be extended to the new
sentences. Since $T$ + Amb is consistent, we can suppose it complete. We
list all Hilbert symbols, stipulating that a Hilbert symbol must appear
after any Hilbert symbol which occurs as a subterm of it in the list. We
assume that before each Hilbert symbol is introduced we have a deductively
closed theory which contains all instances of Amb appropriate
to its language (i.e., not instances which mention Hilbert symbols not
yet introduced). We introduce the Hilbert symbol $a = (\epsilon x.\chi[x])$. We
then find a maximal collection of sentences $\phi[a]$ which includes $\chi[a]$,
contains all type-raised copies of its elements, and is consistent. For
any conjunction $\phi$ of these sentences we have $(\exists x.\phi^{+^i}(x))$ consistent
for any $i$, so we can consistently add all $\phi^{+^i}[a^{+^i}]$ to our theory.

We now assume that we have a complete set of sentences $\phi[a, a^+, \ldots, a^{+^k}]$
consistent with our theory and closed under + (we have just dealt with
the base case $k = 1$). We show that we can get a complete set of
sentences $\phi[a, a^+, \ldots, a^{+^{k+1}}]$ consistent with our theory and closed
under +. Suppose $\psi[a, a^+, \ldots, a^{+^{k+1}}]$ is a sentence which we wish to
consider. We consider the status of sentences
$(*)$: $(\exists x.\psi[a, a^+, \ldots, a^{+^k}, x] \wedge \Phi^+[a^+, \ldots, a^{+^k}, x])$ and
$(*\neg)$: $(\exists x.\neg\psi[a, a^+, \ldots, a^{+^k}, x] \wedge \Phi^+[a^+, \ldots, a^{+^k}, x])$
which are already decided in our theory (because they mention blocks of
$k$ successive type-shifted versions of $a$). We see that if
$\psi[a, a^+, \ldots, a^{+^k}, a^{+^{k+1}}]$ (resp. $\neg\psi[a, a^+, \ldots, a^{+^k}, a^{+^{k+1}}]$)
is consistent with our theory then this
statement must have already been decided as true (otherwise we would
be able to disprove $\psi[a, a^+, \ldots, a^{+^k}, a^{+^{k+1}}]$
(resp. $\neg\psi[a, a^+, \ldots, a^{+^k}, a^{+^{k+1}}]$)
from prior assumptions). This means that we can extend the sequence
of $k$ type shifted versions of $a$ with a new term in such a way that
the “type shifted sequence” starting with $a^+$ and extended with $x$ has
as many of the known properties of blocks of $k$ type shifted versions
of $a$ as we want, and the sequence of $k + 1$ elements satisfies $\psi$ (resp.
$\neg\psi$). These properties can include the ability (expressed in the formula
$(*)$ (resp. $(*\neg)$) above, which can be used to extend $\Phi$) to further
extend the sequence as many times as desired, while also preserving
the property that blocks of $k + 1$ elements of the extended sequence
satisfy (type shifted versions of) $\psi$ (resp. $\neg\psi$). Compactness then tells
us that we can assume that all blocks of $k + 1$ type shifted versions
of $a$ satisfy $\psi$ (resp. $\neg\psi$). This means that we can proceed (again
by compactness) to find a maximal collection of consistent sentences
$\phi[a, a^+, \ldots, a^{+^k}, a^{+^{k+1}}]$ such that the closure of this set under + is
consistent with our previous theory. Repeating this process for all $k$ gives
us a theory with the new Hilbert symbol adjoined which extends Amb
as desired. Repeating this process for all Hilbert symbols gives the
desired extension of $T$ + Amb with Hilbert symbols, and with the scheme
Amb extended appropriately to Hilbert symbols.
7.1.2 Definition and Consistency of NFU

We refer to the typed theory of sets which is our working theory as TSTU
(excluding for the moment the axioms of Infinity, Ordered Pairs, and Choice).
We refer to TSTU + strong extensionality as TST. We define NFU (for the
moment) as TSTU$^\infty$, and define NF (“New Foundations”) as TST$^\infty$.

In this section we will expand a bit on how to understand the theory
NFU, prove its consistency, and observe that the method of proof extends
to a stronger theory which we will then make the referent of the name NFU.

NFU is an untyped set theory, like the theories of chapter 4. The axioms 
of NFU are exactly the axioms obtained from axioms of Extensionality and 
Comprehension of TSTU by disregarding all distinctions of type between 
the variables. Impossible axioms like $\{x \mid x \notin x\}$ do not appear as instances
of Comprehension because $x \in x$ is not the shape of any formula of the
language of TSTU : we drop the type distinctions, but this does not introduce 
identifications between variables. 

We recapitulate the axioms of NFU.

Primitive notion: There is a designated object $\emptyset$ called the empty set.

Axiom of the empty set: $(\forall x.x \notin \emptyset)$.

Definition: We say that an object $x$ is a set iff $x = \emptyset \vee (\exists y.y \in x)$. We
write set($x$) to abbreviate “$x$ is a set” in formulas. We say that objects
which are not sets are atoms or urelements.

Axiom of extensionality:

$(\forall xy.\mathrm{set}(x) \wedge \mathrm{set}(y) \to x = y \leftrightarrow (\forall z.z \in x \leftrightarrow z \in y))$.

In these axioms, the only changes we make are complete omission of 
references to types and type indices. The comprehension axiom is trickier. 

*Axiom of comprehension: For any formula A[x] obtained by ignoring 
type distinctions in a formula of the language of type theory in which 
the variable y (of type one higher than x) does not appear, 

$(\exists y.(\forall x.x \in y \leftrightarrow A[x]))$.

We star this because it is not the form of the axiom we will use. 
Definition: A formula $\phi$ of the language of set theory is said to be “stratified”
iff there is a function $\sigma$ (called a stratification of $\phi$) from variables
to natural numbers (or, equivalently, integers) such that for each atomic
formula $x = y$ appearing in $\phi$ we have $\sigma(x) = \sigma(y)$ and for each atomic
formula $x \in y$ appearing in $\phi$ we have $\sigma(x) + 1 = \sigma(y)$. Note that for a
formula in equality and membership alone, to be stratified is precisely
equivalent to being obtainable from a formula of the language of type
theory by ignoring type distinctions.

Axiom of stratified comprehension: For any stratified formula A[x] in 
which the variable y does not appear, 

$(\exists y.(\forall x.x \in y \leftrightarrow A[x]))$.

The axiom of extensionality tells us that there is only one such object y 
which is a set (there may be many such objects y if A[x] is not true for any 
$x$, but only one of them ($\emptyset$) will be a set). This suggests a definition:

Set builder notation: For any stratified formula $A[x]$, define $\{x \mid A[x]\}$ as
the unique set of all $x$ such that $A[x]$: this exists by Comprehension
and is uniquely determined by Extensionality.

We show that NFU is consistent. We have shown above that it suffices 
to demonstrate that TSTU + Amb is consistent.

Let $\Sigma$ be any finite collection of sentences of the language of TSTU. Let
$n$ be chosen so that $\Sigma$ mentions only types 0 to $n - 1$. Choose a sequence
of sets $X_i$ such that $|\mathcal{P}(X_i)| < |\iota“X_{i+1}|$ for each $i$. Choose injective maps
$f_i : \mathcal{P}(X_i) \to \iota“X_{i+1}$ for each $i$ and define relations $x \in_i y$ as
$x \in X_i \wedge y \in X_{i+1} \wedge x \in f_i^{-1}(\{y\})$ (where of course this is understood
to be false if $f_i^{-1}(\{y\})$ is undefined). It is easy to see that the resulting
structure is a model of TSTU: the interpretation of a sentence of TSTU is
obtained by replacing each type $i$ variable with a variable restricted to $X_i$,
and replacing each occurrence of $\in$ in an atomic formula $x \in y$ with
$x \in_i y$, where $i$ is the type of $x$. It
should be easy to see that the interpretation of each axiom is true. Notice
that this construction is carried out in our type theory, with the types of all
the elements of the $X_i$'s being the same fixed type whose identity does not
matter for our purposes.

Now observe further that for any strictly increasing sequence $s$ of natural
numbers, the sequence $X^s$ defined by $X^s_i = X_{s_i}$ determines an interpretation
of TSTU in exactly the same way. We observe that the sentences $\Sigma$ determine
a partition of the $n$-element sets $A$ of natural numbers as follows: consider a
sequence $s$ such that $s“\{0, \ldots, n - 1\} = A$ and note the truth values of the
sentences of $\Sigma$ in the models $X^s$ (which will be entirely determined by the first
$n$ terms of $X^s$). This is a partition of the $n$ element subsets of $\mathbb{N}$ into no more
than parts, which by Ramsey’s theorem has an infinite homogeneous set
$H$. Now consider any $X^s$ such that $s“\mathbb{N} \subseteq H$: the interpretations of all
sentences $\phi \leftrightarrow \phi^+$ for $\phi$ in the axiom scheme Amb will be true in such models.
We have shown that every finite subset of Amb is consistent with TSTU, so
by Compactness TSTU + Amb is consistent, so by Specker’s theorem on
ambiguity, NFU is consistent.

We have used more mathematical power than we need here. We have 
assumed in effect that exists (because we assume the existence of an 
infinite sequence $X_i$). This is not strictly necessary: we can use a more
refined form of Ramsey’s theorem and show the existence of homogeneous 
sets of sufficient size in sufficiently long finite sequences of $X_i$’s. However, we
do not regard the existence of as a dubious assumption. 

The method of proof used here extends to any extension of TSTU with 
ambiguous axioms. For example NFU + Infinity + Choice is shown to be 
consistent by this argument. Further, we can add the axiom of Ordered 
Pairs as well: add predicates $\pi_1$ and $\pi_2$ with the additional rules that typing
for formulas $x \pi_i y$ follows the same rules as typing for formulas $x = y$ and
additional axioms $(\forall x.(\exists! y.x \pi_i y))$ (each $\pi_i$ is a function of universal domain)
and $(\forall xy.(\exists! z.z \pi_1 x \wedge z \pi_2 y))$. These axioms hold in our working theory, and
can be made to hold in the $X_i$’s by stipulating that each $X_i$ is infinite and
providing bijections $\Pi_i : (X_i \times X_i) \to X_i$ for each $i$, and interpreting $x \pi_j y$
between type i objects as holding iff y = (u»- 

Hereinafter we will usually mean NFU + Ordered Pairs + Choice when 
we refer to NFU. 

We further note that a weaker form of stratification can be used. We say
that a formula $\phi$ is weakly stratified iff the formula $\phi'$ is stratified which is
obtained by replacing each occurrence of each variable free in $\phi$ with a distinct
variable. Another way of putting this is that there is a function $\sigma$ satisfying
the conditions for a stratification, but only in atomic formulas in which both
variables are bound. The reason that stratified comprehension entails weakly
stratified comprehension is that the existence of each set $\{x \mid \phi\}$ is a special
case of the existence of the sets $\{x \mid \phi'\}$ (existing by stratified comprehension)
in which certain variables free in $\phi'$ (and so implicitly universally quantified
in the axioms of comprehension in question) happen to take on the same
values. An example: the set $\{x, \{y\}\}$ exists for each value of $x, y$ (an instance
of stratified comprehension) so the set $\{x, \{x\}\}$ exists for each $x$ (an instance
of weakly stratified comprehension).
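
Stratification and weak stratification, as defined above, can be decided mechanically from the atomic subformulas of a formula. The Python sketch below is an added example, not part of the original notes: the tuple encoding of atoms, the function names, and the reading of the parameters of a set abstract as its free variables (with the comprehension variable counted as bound) are assumptions made here.

```python
from collections import defaultdict, deque

# An atomic formula is ("eq", x, y) for x = y or ("in", x, y) for x ∈ y.
# A formula is represented only by the list of its atomic subformulas,
# since connectives and quantifiers impose no constraints on sigma.

def stratification(atoms):
    """Return a stratification sigma (dict: variable -> natural number),
    or None if the atoms admit none."""
    # Edge (v, d) stored at u means sigma(v) = sigma(u) + d.
    graph = defaultdict(list)
    for rel, x, y in atoms:
        d = {"eq": 0, "in": 1}[rel]
        graph[x].append((y, d))
        graph[y].append((x, -d))
    sigma = {}
    for start in list(graph):
        if start in sigma:
            continue
        sigma[start] = 0
        component = [start]
        queue = deque([start])
        while queue:
            u = queue.popleft()
            for v, d in graph[u]:
                if v not in sigma:
                    sigma[v] = sigma[u] + d
                    component.append(v)
                    queue.append(v)
                elif sigma[v] != sigma[u] + d:
                    return None  # conflicting type demands, e.g. x ∈ x
        # Shift the component so its lowest value is 0 (natural numbers).
        low = min(sigma[v] for v in component)
        for v in component:
            sigma[v] -= low
    return sigma

def separate_parameters(atoms, parameters):
    """Replace each occurrence of each parameter with a distinct variable."""
    counter = defaultdict(int)
    def fresh(v):
        if v not in parameters:
            return v
        counter[v] += 1
        return f"{v}#{counter[v]}"
    return [(rel, fresh(x), fresh(y)) for rel, x, y in atoms]

def weakly_stratified(atoms, parameters):
    """First formulation: stratify after separating parameter occurrences."""
    return stratification(separate_parameters(atoms, parameters)) is not None

def weakly_stratified_bound_only(atoms, parameters):
    """Second formulation: constrain only atoms whose variables are both bound."""
    bound = [a for a in atoms if a[1] not in parameters and a[2] not in parameters]
    return stratification(bound) is not None

# Constructed sample formulas.
# {x | x ∉ x}: the single atom x ∈ x.
RUSSELL = [("in", "x", "x")]
# {x, {y}} = {z | z = x ∨ (∀w. w ∈ z ↔ w = y)}
PAIR_XY = [("eq", "z", "x"), ("in", "w", "z"), ("eq", "w", "y")]
# {x, {x}} = {z | z = x ∨ (∀w. w ∈ z ↔ w = x)}
PAIR_XX = [("eq", "z", "x"), ("in", "w", "z"), ("eq", "w", "x")]

if __name__ == "__main__":
    print(stratification(RUSSELL))
    print(stratification(PAIR_XY))
    print(stratification(PAIR_XX), weakly_stratified(PAIR_XX, {"x"}))
```
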

We further note that stratification can be extended to a language with 
terms, if a stratification must take the same value at $(\epsilon x.\phi)$ that it does at
$x$ (the structure of $\phi$ then dictating type differentials between $x$ and any
parameters in the term), and noting that any term construction can be
supposed implemented by a Hilbert epsilon term. This can be handled in the
consistency proof by fixing choice functions to identify referents of Hilbert
epsilon terms in the $X_i$’s.

This proof allows us to bootstrap our working theory from TSTU with 
Ordered Pairs and Choice to NFU with Ordered Pairs and Choice, if we are 
so inclined: we can adopt the view that the types of our theory, which are 
suspiciously similar because we have been careful to keep our methods of 
proof over them entirely uniform, are in fact all the same domain. We will 
explore the consequences of taking this perhaps odd view. 

(NOTE: we certainly want to consider the Boffa model construction as 
well. For this we need enough model theory to get models with automor- 
phisms.) 

7.1.3 Mathematics in NFU 

(NOTE: Counting is so useful that it might show up in the base development.) 

We do not start with a clean slate when we consider doing mathematics in 
NFU, because all the mathematics we have done in TSTU can be imported. 
However, the interpretation of NFU is different in interesting ways. 

The language of NFU is larger. Sentences such as $x \in x$ are well-formed
as they are not in typed language. Further, a sentence like $V \in V$ which
we wrote but construed as a sort of pun in typed language is to be taken
seriously in NFU: the universal set $V$ has everything as an element, including
itself. From this it follows that $(\exists x.x \in x)$ is a theorem of NFU, since the
universal set is a witness.

We have proved Cantor’s theorem $|\iota“A| < |\mathcal{P}(A)|$ which tells us that
the power set of $A$ is larger than $A$. But in NFU we of course know that
$\mathcal{P}(V) \subseteq V$. This does not contradict anything we proved in type theory,
because in type theory the referents of the two $V$’s are not supposed to be
the same. In NFU Cantor’s Theorem tells us that $|\iota“V| < |\mathcal{P}(V)| \le |V|$,
so we see that the singleton map (which from an external standpoint we can
see is a one-to-one correspondence) cannot be a set in NFU.

The unstratified form of Cantor’s Theorem which is true in the untyped 
set theories of chapter 4 cannot hold in general in NFU, but it can hold 
under special circumstances. 

Definition: A set $A$ is said to be cantorian iff $|A| = |\iota“A|$.

This is precisely what is needed to get the unstratified theorem “if $A$ is
a cantorian set, $|A| = |\iota“A| < |\mathcal{P}(A)|$”. We see that all cantorian sets are
smaller than their power sets. Consideration of how this fact is witnessed 
suggests a stronger property. 

Definition: A set $A$ is said to be strongly cantorian iff
$(\iota\lceil A) = \{(a, \{a\}) \mid a \in A\}$ is a set.

Obviously a strongly cantorian set is cantorian. The stronger property 
has considerably stronger consequences. 

What all of this already tells us is that a model of NFU is not a model 
of TSTU of the natural kind in which every collection of type i objects is a 
type $i + 1$ object. Every element of the non-function $\iota = \{(x, \{x\}) \mid x \in V\}$
is an object in our model of NFU , but the collection of all these pairs cannot 
be an element of the model on pain of contradiction. 

We give a much sharper result of the same kind. We proved above that 
$T^2(\Omega) < \Omega$ (recall that $\Omega$ is the order type of the ordinals). In TSTU this
assertion was a kind of pun, but here all references to are references to
the same object. It is straightforward to prove that $\alpha < \beta \leftrightarrow T(\alpha) <
T(\beta)$, from which it follows that $\Omega > T^2(\Omega) > T^4(\Omega) > T^6(\Omega) > \ldots$. This
observation has two different rather alarming consequences. One is that a
certain countable collection of objects of a model of NFU cannot be a set: if
the smallest collection containing $\Omega$ and closed under $T^2$ were a set, it would
be a set of ordinals with no smallest element, which is impossible. The other 
is that from a certain external standpoint, the ordinals of a model of NFU 
are not well-ordered. 

We investigate the mathematics of the properties “cantorian” and “strongly
cantorian”.

Theorem: Concrete finite sets are cantorian. Power sets of cantorian sets 
are cantorian. Cartesian products of cantorian sets are cantorian. 
Function spaces from cantorian sets to cantorian sets are cantorian. 
Proof: Sets of concrete finite sizes are obviously the same size as their images
under the singleton operation. We will find that asserting this for all
finite sets is a stronger assertion than we can prove from our current
axioms. The other assertions follow from the existence of bijections
between $\mathcal{P}(\iota“A)$ and $\iota“(\mathcal{P}(A))$, between $\iota“A \times \iota“B$ and $\iota“(A \times B)$ and
between $(\iota“B)^{\iota“A}$ and $\iota“(B^A)$: from the ability to define these maps it
clearly follows that if $A, B$ are the same size as $\iota“A, \iota“B$, respectively,
then $\mathcal{P}(A)$, $A \times B$, $B^A$ are the same size as $\iota“\mathcal{P}(A)$, $\iota“(A \times B)$, $\iota“(B^A)$,
respectively, which is what is to be shown.

Theorem: Concrete finite sets are strongly cantorian. Power sets of canto- 
rian sets are strongly cantorian. Cartesian products of cantorian sets 
are strongly cantorian. Function spaces from cantorian sets to canto- 
rian sets are strongly cantorian. 

Proof: If $A$ is a concrete finite set, $(\iota\lceil A)$ can be given as a concrete finite set.
Again, showing that this is true for all finite sets turns out not to be
provable with our current axioms. Construct $(\iota\lceil\mathcal{P}(A))$ as
$(B : \mathcal{P}(A) \mapsto (A : \mathcal{P}(\iota“V) \mapsto \{\bigcup A\})((\iota\lceil A)“B))$.
Construct $(\iota\lceil(A \times B))$ as
$((a, b) : A \times B \mapsto ((\{x\}, \{y\}) : (\iota“V) \times (\iota“V) \mapsto \{(x, y)\})((\iota\lceil A)(a), (\iota\lceil B)(b)))$.

We leave the similar construction of $(\iota\lceil B^A)$ as an exercise.

Theorem: A subset of a strongly cantorian set is strongly cantorian.
Proof: If $B \subseteq A$, $(\iota\lceil B) = (\iota\lceil A)\lceil B$.

The last theorem is one reason why “strongly cantorian” is a much stronger
property. Here is a further, more profound reason.

Subversion Theorem: Let $\phi$ be a formula in which some quantified variables
are restricted to strongly cantorian sets. Let $\phi'$ be the formula
obtained by replacing each occurrence of each variable bounded in a
strongly cantorian set $A$ with a distinct variable bounded in $A$ (replacing
single universal quantifiers over $A$ with blocks of universal quantifiers
over $A$ or single existential quantifiers over $A$ with blocks of
existential quantifiers over $A$ as needed). If $\phi'$ is stratified then $\{x \mid \phi\}$
exists. Equivalently, if there is a function which meets the conditions
to be a stratification of $\phi$ in each atomic subformula containing two
bound variables neither of which is bounded in $A$, then $\{x \mid \phi\}$ exists.
Proof: The formula $\phi'$ can be modified in such a way as to change the
value assigned to a variable $a$ restricted to the strongly cantorian set
$A$ freely. Let $\iota_A$ represent the singleton map restricted to $A$, for each
of the strongly cantorian sets $A$ appearing as bounds of quantifiers in
$\phi$. To raise the type assigned to $a$ by one, replace $a$ with the term
$(\epsilon x.x \in \iota_A(a))$. To lower the type assigned to $a$ by one, replace $a$
with $\iota_A^{-1}(\{a\})$. Now each variable in $\phi'$ which is bounded in a strongly
cantorian set $A$ can be assigned a type in such a way that the desired
additional equations between variables needed to give equivalence with
$\phi$ can be adjoined while preserving stratification.

NOTE: other specifically NFU mathematics include unstratified inductive
definitions (von Neumann ordinals, notions of well-foundedness, etc.) and T- 
sequences and related ideas. 

7.1.4 There are Urelements 

7.2 Extensions of NFU 

7.2.1 The Axiom of Counting; ω-Models.

But perhaps Counting will be covered in the first part?

unstratified induction? The ω-model construction; a-models; NFU*.

7.2.2 The Axiom of Cantorian Sets; the Axiom of Large Ordinals 

this will provide an occasion for T-sequences. Interpretation of ZFC in this 
theory (cute eliminations of T). n-Mahlos, fancy partition relations, model 
theory. 

7.2.3 The Axiom of Small Ordinals; the BEST model 

ASO with and without CS and Large Ordinals, weakly compact; nearly 
measurable. Solovay stuff. The BEST model. 

7.3 The Extensional Subsystems 

7.3.1 Ambiguity in Theories with Finitely Many Types; NF$_3$

Our type theory TSTU has natural subtheories defined simply by restricting
the number of types. Similar considerations apply to variants of our type
theory.

Definition: TSTU$_n$ is defined as the subtheory of TSTU with type indices $\ge n$
excluded from the language. Other type theories will have subscripted
variants defined in the same way.

The situation in three types is very special. 

Theorem: For any infinite model of TSTU$_3$ with either the same concrete
finite number of atoms at each type or infinitely many atoms at each
type, there is a model of TSTU$_3^\infty$ with exactly the same theory.

Proof: By model theory, there is a countable model of TSTU$_3$ with the same
theory. We want a further refinement: we want a countable model with 
the property that each infinite set can be partitioned into two infinite 
sets. Suppose our initial countable model lacks this property: there are 
then infinite sets which can only be partitioned into finite and cofinite 
pieces. Construct an ultrapower of the model using an ultrafilter on 
the natural numbers. This will give a model of the theory with the 
splitting property (but not a countable one). Build a countable model 
with the same theory as this model, but being sure to include some 
specific constant (referring to a set of nonstandard finite size) in your 
theory. The resulting model will be countable, will have the splitting 
property (because we will have partitions of any infinite set with one 
partition of the fixed nonstandard size), and will have exactly the same 
theory as the original model (if we exclude references to the special 
constant from our language). 

Now we show that in any countable model of TSTU there is an isomorphism
between types 0-1 and types 1-2. First of all, the conditions
in the statement of the theorem combined with the countability of the
model are enough to ensure that we have a bijection from the type 1
atoms onto the type 2 atoms. Now we handle the sets. We fix an order
on the type 1 sets and an order on the type 2 sets, each of type $\omega$. When
we have mapped the first n sets of type 1 to sets of type 2, and also the 
first n sets of type 2 have been assigned inverse images in type 1, we 
assume that we have matched them in such a way that the sizes of the 
corresponding compartments in Venn diagrams determined by the type 
1 sets assigned images and the type 2 sets assigned inverse images is
correct: for any intersection of the type 1 sets and their complements,
if the intersection is of concrete finite size n the corresponding intersec- 
tion of type 2 sets and their complements will be of the same concrete 
finite size n, and if the intersection is (countably) infinite the corre- 
sponding intersection of the type 2 sets and their complements will be 
countably infinite. We show how to continue this process (note that the 
conditions are vacuously satisfied initially). Match the first set of type 
1 not yet assigned an image with the first set in the order on type 2 sets 
which has not yet been matched and has the correct intersection sizes 
with the correlates of all finite intersections of the previously mapped 
type 1 sets. The splitting property is needed here to ensure that if 
the new type 1 set has infinite and co-infinite intersection with one of 
the compartments of the Venn diagram determined by the previous set 
that we can choose a type 2 set with appropriate intersection sizes to 
associate with it. Choose an inverse image for the first type 2 set as 
yet not assigned an inverse image in exactly the same way. Notice that 
the map between types 1 and 2 determines a map between types 0 and 
1 by considering singletons. Note that the amount of comprehension 
needed in the type theory considered is very limited: all that is needed 
is existence of singletons, complements and finite unions. 

If $f$ is the isomorphism, we take type 0 as the model and define $x \in_N y$
as $x \in_M f(y)$ (where $\in_M$ is the membership relation of the model). Note
that for any $x^0 \in_M y^1$ we have $x^0 \in_N f^{-1}(y^1)$ equivalent and for any
$x^1 \in_M y^2$ we have $f^{-1}(x^1) \in_N f^{-2}(y^2)$. This model $N$ will be a model
of TSTU$_3^\infty$: this should be evident.

It should be evident from these considerations that all models of TSTU$_3$
satisfying the conditions on numbers of atoms (which are describable
in terms of sets of sentences satisfied in their theories) also satisfy Amb
(noting that the scheme $\phi \leftrightarrow \phi^+$ must be restricted to formulas not
mentioning type 2).

Definition: Define NF$_3$ as the theory whose axioms are Strong Extensionality
and those instances “$\{x \mid \phi\}$ exists” of Stratified Comprehension
which can be stratified using a stratification with range $\{0, 1, 2\}$ (note
that the stratification will send $x$ to 0 or 1, since it must assign 1 or 2
to $\{x \mid \phi\}$).

Corollary: NF$_3$ is consistent.
Proof: In the previous Theorem, fix the number of atoms at 0.

Observation: This is the first consistent fragment of New Foundations
which we have identified which has strong extensionality. It is important
to notice that, unlike NF, this is not a weird theory involving
considerations strange to ordinary mathematics. Every infinite model
of TST$_3$ has a correlated model of NF$_3$ which satisfies the same sentences
when types are dropped. NF$_3$, though it may seem unfamiliar,
is ubiquitous and should be of considerable interest in foundations of
mathematics.

We go on to consider Ambiguity for TSTU$_n$ with $n > 3$.

Theorem: TSTU$_n^\infty$ is consistent iff TSTU$_n$ + Amb is consistent.

Proof: Notice that our proof above depended on being able to iterate the 
+ operation as far as wanted; this is spoiled by the presence of a top 
type. We will fix this problem using a trick. 

We can cleverly delete all reference to the bottom type of our language.
We define $[\subseteq]^2$ as the collection of all sets $\{x \mid x \subseteq A\}$ where $A$ is a
fixed type 1 set (it is important to recall that an urelement is not a
subset of anything). We define $1^1$ as usual as the set of all singletons.
We now observe that $x^0 \in y^1$ is equivalent to the assertion that $\{x\} \subseteq y$,
which is in turn equivalent to “$\{x\}$ belongs to every element of
$[\subseteq]^2$ which contains $y$”. We can now replace all references to specific
type 0 objects by references to singletons and all quantifiers over type
0 with quantifiers over $1^1$, redefining membership in type 0 objects
appropriately.

This doesn’t give us anything obvious for free, as we have our special
constants $1^1$ and $[\subseteq]^2$ to consider. We further observe that it is a
theorem that $1^1$ is a subset of the domain of $[\subseteq]^2$ and for every (type
2) subset $A$ of $1^1$ there is a unique type 1 object $a$ in the range of $[\subseteq]^2$
such that “$\{x\} \subseteq a$” (a fact expressible without mentioning type 0) iff
$\{x\} \in A$.

Now Amb tells us that there are objects $1^0$ and $[\subseteq]^1$ with the
type-shifted version of the same property noted above for $1^1$ and $[\subseteq]^2$. These
can be reinterpreted as the singleton set on a new type $-1$ and the
inclusion relation on type 0 objects construed as “sets” of type $-1$
objects. This means that TSTU$_n$ + Amb interprets TSTU$_{n+1}$ (we can
reindex so that the new type $-1$ becomes type 0). We can further
use ambiguity to ensure that as much as we wish to be true about $1^0$
and $[\subseteq]^1$ is the type-shifted analogue of what is true about $1^1$ and $[\subseteq]^2$
[we cannot show that there are specific relations which have exactly
the same properties, merely that there is a relation with any finite
selection of type shifted versions of the properties of $1^1$ and $[\subseteq]^2$], and
thus show by compactness that the extension of Amb can consistently
hold as well. So the consistency of TSTU$_n$ + Amb for $n > 3$ implies the
consistency of TSTU$_{n+1}$ + Amb, whence it implies the consistency of
TSTU + Amb, whence it implies the consistency of New Foundations.

Corollary: TST$_4$ + Amb is consistent iff NF is consistent.

Observation: The profound difference between the case $n = 3$ and the case
$n = 4$ in the strongly extensional case is of interest here.

Observation: The proofs above will also work in some other type theories. 

Make the point that NF style considerations are natural and ubiquitous 
in 3-typed mathematics. 

This should include the proof of consistency of NFU using 3-type ma- 
chinery and the Pigeonhole Principle instead of Ramsey’s theorem. 

Mathematics in three types, functions without pairs. FM methods in the 
first section would avoid an inversion here. 

7.3.2 Predicativity; NFP; The Ramified Theory of Types Interpreted in NFP; NFI

7.4 Finite Universes: NFU + “the universe is finite”. 

also NFU and nonstandard analysis? 

7.5 New Foundations 

7.5.1 History of NF; Errors of Quine 

Specker trees, all the bad stuff. A section on FM methods in type theory 
would help here as it would provide an occasion in the first part to carefully 
discuss choice-free mathematics. Orey’s metamathematical results; of course 
they also work in NFU.
7.6 Technical Methods for Consistency and Independence Proofs in NF(U)

7.6.1 Forcing in Type Theory and Set Theory 

Introduce the method of forcing in NFU at least and possibly in type theory 
and ordinary set theory. Prove the independence of the continuum
hypothesis. Forcing in NF, of course. But this may continue a section on forcing in
the type theory part. 

7.6.2 Fraenkel-Mostowski Permutation Methods

Prove the independence of the Axiom of Choice from type theory (certainly) 
and possibly from NFU and/or ordinary set theory. The initial parts of this 
may occur in the type theory part. 

7.7 Cut Elimination in Type Theory and Set Theory 

Prove cut elimination in type theory and SF. Maybe other applications of
Marcel’s weak extensional collapse. 

7.8 Stratified Combinatory Logic and λ-Calculus

7.9 Rieger-Bernays Permutation Methods 

Explore the consistency and independence proofs obtainable, and the set 
based notion of “well-foundedness” and related ideas. Unstratified imple- 
mentations of numerals. 

7.10 Limitations of Universal Constructions 

The existence of universal objects is not magic. Cartesian closedness failing 
for the category of all sets and functions is an advantage. 


8 Philosophy of Set Theory 

General considerations about the relative merits of the various systems con- 
sidered here and about the sufficiency of each as a foundational system. 
Comments on the general weirdness of NF and the real nature of the NF
consistency problem belong here. 


9 Appendix: Manual of Logical Style 

This is a handout I give students at various levels with logical rules in it in 
the same style as the text. 

9.1 Introduction 

This document is designed to assist students in planning proofs. I will try to 
make it as nontechnical as I can. 

There are two roles that statements can have in a proof: a statement can 
be a claim or goal, something that we are trying to prove; a statement can 
be something that we have proved or which we have shown to follow from 
current assumptions, that is, a statement which we can use in the current 
argument. It is very important not to confuse statements in these two roles: 
this can lead to the fallacy of assuming what you are trying to prove (which 
is well-known) or to the converse problem, which I have encountered now 
and then, of students trying to prove things that they already know or are 
entitled to assume! 

In the system of reasoning I present here, we classify statements by their 
top-level logical operation: for each statement with a particular top-level 
operation, there will be a rule or rules to handle goals or claims of that form, 
and a rule or rules to handle using statements of that form which we have 
proved or are entitled to assume. 

In what follows, I make a lot of use of statements like “you are entitled
to assume $A$”. Notice that if you can flat-out prove $A$ you are entitled to
assume $A$. The reason I often talk about being entitled to assume $A$ rather
than having proved $A$ is that one is often proving things using assumptions
which are made for the sake of argument.

9.2 Conjunction 

In this section we give rules for “and”. These are so simple that we
barely notice that they exist!

9.2.1 Proving a conjunction

To prove a statement of the form $A \wedge B$, first prove $A$, then prove $B$.

This strategy can actually be presented as a rule of inference:

$$\frac{\begin{array}{c} A \\ B \end{array}}{A \wedge B}$$

If we have hypotheses $A$ and $B$, we can draw the conclusion $A \wedge B$: so a
strategy for proving $A \wedge B$ is to first prove $A$ then prove $B$. This gives a proof
in two parts, but notice that there are no assumptions being introduced in
the two parts: they are not separate cases.

If we give this rule a name at all, we call it “conjunction introduction”. 

9.2.2 Using a conjunction 

If we are entitled to assume $A \wedge B$, we are further entitled to assume $A$ and
$B$. This can be summarized in two rules of inference:

$$\frac{A \wedge B}{A}$$

$$\frac{A \wedge B}{B}$$

This has the same flavor as the rule for proving a conjunction: a conjunction
just breaks apart into its component parts.

If we give this rule a name at all, we call it “simplification”.

9.3 Implication 

In this section we give rules for implication. There is a single basic rule for 
implication in each subsection, and then some derived rules which also involve 
negation, based on the equivalence of an implication with its contrapositive. 
These are called derived rules because they can actually be justified in terms 
of the basic rules. We like the derived rules, though, because they allow us 
to write proofs more compactly.

9.3.1 Proving an implication

The basic strategy for proving an implication: To prove $A \to B$, add
$A$ to your list of assumptions and prove $B$; if you can do this, $A \to B$
follows without the additional assumption.

Stylistically, we indent the part of the proof consisting of statements
depending on the additional assumption $A$: once we are done proving
$B$ under the assumption and thus proving $A \to B$ without the assumption,
we discard the assumption and thus no longer regard the indented
group of lines as proved.

This rule is called “deduction”.

The indirect strategy for proving an implication: To prove $A \to B$,
add $\neg B$ as a new assumption and prove $\neg A$; if you can do this, $A \to B$
follows without the additional assumption. Notice that this amounts
to proving $\neg B \to \neg A$ using the basic strategy, which is why it works.

This rule is called “(deduction of) contrapositive”.

9.3.2 Using an implication 

modus ponens: If you are entitled to assume $A$ and you are entitled to
assume $A \to B$, then you are also entitled to assume $B$. This can be
written as a rule of inference:

$$\frac{\begin{array}{c} A \\ A \to B \end{array}}{B}$$

when you just have an implication: If you are entitled to assume $A \to B$,
you may at any time adopt $A$ as a new goal, for the sake of proving
$B$, and as soon as you have proved it, you also are entitled to assume
$B$. Notice that no assumptions are introduced by this strategy. This
proof strategy is just a restatement of the rule of modus ponens which
can be used to suggest the way to proceed when we have an implication
without its hypothesis.

modus tollens: If you are entitled to assume $\neg B$ and you are entitled to
assume $A \to B$, then you are also entitled to assume $\neg A$. This can be
written as a rule of inference:

$$\frac{\begin{array}{c} A \to B \\ \neg B \end{array}}{\neg A}$$

Notice that if we replace $A \to B$ with the equivalent contrapositive
$\neg B \to \neg A$, then this becomes an example of modus ponens. This is
why it works.

when you just have an implication: If you are entitled to assume $A \to B$,
you may at any time adopt $\neg B$ as a new goal, for the sake of proving
$\neg A$, and as soon as you have proved it, you also are entitled to assume
$\neg A$. Notice that no assumptions are introduced by this strategy. This
proof strategy is just a restatement of the rule of modus tollens which
can be used to suggest the way to proceed when we have an implication
without its hypothesis.

9.4 Absurdity 

The symbol $\bot$ represents a convenient fixed false statement. The point of
having this symbol is that it makes the rules for negation much cleaner.

9.4.1 Proving the absurd

We certainly hope we never do this except under assumptions! If we are
entitled to assume $A$ and we are entitled to assume $\neg A$, then we are entitled
to assume $\bot$. Oops! This rule is called contradiction.

$$\frac{\begin{array}{c} A \\ \neg A \end{array}}{\bot}$$


9.4.2 Using the absurd 

We hope we never really get to use it, but it is very useful. If we are entitled
to assume $\bot$, we are further entitled to assume $A$ (no matter what $A$ is).
From a false statement, anything follows. We can see that this is valid by
considering the truth table for implication.

This rule is called “absurdity elimination”.

9.5 Negation

The rules involving just negation are stated here. We have already seen
derived rules of implication using negation, and we will see derived rules of
disjunction using negation below.

9.5.1 Proving a negation 

direct proof of a negation (basic): To prove $\neg A$, add $A$ as an assumption
and prove $\bot$. If you complete this proof of $\bot$ with the additional
assumption, you are entitled to conclude $\neg A$ without the additional
assumption (which of course you now want to drop like a hot potato!).
This is the direct proof of a negative statement: proof by contradiction,
which we describe next, is subtly different.

Call this rule “negation introduction”.

proof by contradiction (derived): To prove a statement $A$ of any logical
form at all, assume $\neg A$ and prove $\bot$. If you can prove this under the
additional assumption, then you can conclude $A$ under no additional
assumptions. Notice that the proof by contradiction of $A$ is a direct
proof of the statement $\neg\neg A$, which we know is logically equivalent to
$A$; this is why this strategy works.

Call this rule “reductio ad absurdum”.

9.5.2 Using a negation:

double negation (basic): If you are entitled to assume $\neg\neg A$, you are
entitled to assume $A$.

contradiction (basic): This is the same as the rule of contradiction stated
above under proving the absurd: if you are entitled to assume $A$ and
you are entitled to assume $\neg A$, you are also entitled to assume $\bot$. You
also feel deeply queasy.

$$\frac{\begin{array}{c} A \\ \neg A \end{array}}{\bot}$$

if you have just a negation: If you are entitled to assume $\neg A$, consider
adopting $A$ as a new goal: the point of this is that from $\neg A$ and
$A$ you would then be able to deduce $\bot$ from which you could further
deduce whatever goal $C$ you are currently working on. This is especially
appealing as soon as the current goal to be proved becomes $\bot$, as the
rule of contradiction is the only way there is to prove $\bot$.

9.6 Disjunction 

In this section, we give basic rules for disjunction which do not involve
negation, and derived rules which do. The derived rules can be said to be the
default strategies for proving a disjunction, but they can be justified using
the seemingly very weak basic rules (which are also very important rules,
but often used in a “forward” way as rules of inference). The basic strategy
for using an implication (proof by cases) is of course very often used and
very important. The derived rules in this section are justified by the logical
equivalence of $P \vee Q$ with both $\neg P \to Q$ and $\neg Q \to P$: if they look to you
like rules of implication, that is because somewhere underneath they are.

9.6.1 Proving a disjunction 

the basic rule for proving a disjunction (two forms): To prove $A \vee B$,
prove $A$. Alternatively, to prove $A \vee B$, prove $B$. You do not need to
prove both (you should not expect to be able to!)

This can also be presented as a rule of inference, called addition, which
comes in two different versions.

$$\frac{A}{A \vee B}$$

$$\frac{B}{A \vee B}$$

the default rule for proving a disjunction (derived, two forms): To
prove $A \vee B$, assume $\neg B$ and attempt to prove $A$. If $A$ follows with
the additional assumption, $A \vee B$ follows without it.

Alternatively (do not do both!): To prove $A \vee B$, assume $\neg A$ and
attempt to prove $B$. If $B$ follows with the additional assumption, $A \vee B$
follows without it.

Notice that the proofs obtained by these two methods are proofs of
$\neg B \to A$ and $\neg A \to B$ respectively, and both of these are logically
equivalent to $A \vee B$. This is why the rule works. Showing that this
rule can be derived from the basic rules for disjunction is moderately
hard.

Call both of these rules “disjunction introduction”.

9.6.2 Using a disjunction 

proof by cases (basic): If you are entitled to assume $A \vee B$ and you are
trying to prove $C$, first assume $A$ and prove $C$ (case 1); then assume
$B$ and attempt to prove $C$ (case 2).

Notice that the two parts are proofs of $A \to C$ and $B \to C$, and notice
that $(A \to C) \wedge (B \to C)$ is logically equivalent to $(A \vee B) \to C$ (this
can be verified using a truth table).

This strategy is very important in practice.

disjunctive syllogism (derived, various forms): If you are entitled to
assume $A \vee B$ and you are also entitled to assume $\neg B$, you are further
entitled to assume $A$. Notice that replacing $A \vee B$ with the equivalent
$\neg B \to A$ turns this into an example of modus ponens.

If you are entitled to assume $A \vee B$ and you are also entitled to assume
$\neg A$, you are further entitled to assume $B$. Notice that replacing $A \vee B$
with the equivalent $\neg A \to B$ turns this into an example of modus
ponens.

Combining this with double negation gives further forms: from $B$ and
$A \vee \neg B$ deduce $A$, for example.

Disjunctive syllogism in rule format:

$$\frac{\begin{array}{c} A \vee B \\ \neg B \end{array}}{A}$$

$$\frac{\begin{array}{c} A \vee B \\ \neg A \end{array}}{B}$$


9.7 Biconditional 

Some of the rules for the biconditional are derived from the definition of
$A \leftrightarrow B$ as $(A \to B) \wedge (B \to A)$. There is a further very powerful rule
allowing us to use biconditionals to justify replacements of one expression by
another.

9.7.1 Proving biconditionals

the basic strategy for proving a biconditional: To prove $A \leftrightarrow B$, first
assume $A$ and prove $B$; then (finished with the first assumption) assume
$B$ and prove $A$. Notice that the first part is a proof of $A \to B$ and the
second part is a proof of $B \to A$.

Call this rule “biconditional deduction”.

derived forms: Replace one or both of the component proofs of implications
with the contrapositive forms. For example one could first assume
$A$ and prove $B$, then assume $\neg A$ and prove $\neg B$ (changing part 2 to the
contrapositive form).

9.7.2 Using biconditionals

The rules are all variations of modus ponens and modus tollens. Call them
biconditional modus ponens or biconditional modus tollens as appropriate.

If you are entitled to assume $A$ and $A \leftrightarrow B$, you are entitled to assume
$B$.

If you are entitled to assume $B$ and $A \leftrightarrow B$, you are entitled to assume
$A$.

If you are entitled to assume $\neg A$ and $A \leftrightarrow B$, you are entitled to assume
$\neg B$.

If you are entitled to assume $\neg B$ and $A \leftrightarrow B$, you are entitled to assume
$\neg A$.

These all follow quite directly using modus ponens and modus tollens and
one of these rules:

If you are entitled to assume $A \leftrightarrow B$, you are entitled to assume $A \to B$.

If you are entitled to assume $A \leftrightarrow B$, you are entitled to assume $B \to A$.

The validity of these rules is evident from the definition of a biconditional
as a conjunction.

9.8 Calculating with biconditionals 

Let $F$ be a complex expression including a propositional letter $P$. For any
complex expression $C$ let $F[C/P]$ denote the result of replacing all
occurrences of $P$ by $C$.

The replacement rule for biconditionals says that if you are entitled to
assume $A \leftrightarrow B$ and also entitled to assume $F[A/P]$, then you are entitled to
assume $F[B/P]$. Also, if you are entitled to assume $A \leftrightarrow B$ and also entitled
to assume $F[B/P]$, then you are entitled to assume $F[A/P]$.

The underlying idea which we here state very carefully is that $A \leftrightarrow B$
justifies substitutions of $A$ for $B$ and of $B$ for $A$ in complex expressions. This
is justified by the fact that all our operations on statements depend only on
their truth value, and $A \leftrightarrow B$ is equivalent to the assertion that $A$ and $B$
have the same truth value.

This rule and a list of biconditionals which are tautologies motivates the 
“boolean algebra” approach to logic. 
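
The following Python code is an added example, not part of the original notes: it checks by truth table the equivalences the text cites to justify its derived rules, and checks that the replacement rule with $F[C/P]$ is valid. The tuple encoding of formulas, the function names and the sample expression $F$ are assumptions of the example.

```python
from itertools import product

# Encoding assumed for this example (not notation from the text): a
# propositional letter is a string; a compound formula is a tuple such as
# ("not", f), ("and", f, g), ("or", f, g), ("imp", f, g), ("iff", f, g).
OPS = {
    "not": lambda a: not a,
    "and": lambda a, b: a and b,
    "or": lambda a, b: a or b,
    "imp": lambda a, b: (not a) or b,
    "iff": lambda a, b: a == b,
}

def evaluate(f, env):
    """Truth value of formula f under the valuation env (letter -> bool)."""
    if isinstance(f, str):
        return env[f]
    return OPS[f[0]](*(evaluate(sub, env) for sub in f[1:]))

def letters(f):
    """Set of propositional letters occurring in f."""
    if isinstance(f, str):
        return {f}
    return set().union(*(letters(sub) for sub in f[1:]))

def substitute(f, p, c):
    """F[C/P]: replace every occurrence of the letter p in f by the formula c."""
    if isinstance(f, str):
        return c if f == p else f
    return (f[0],) + tuple(substitute(sub, p, c) for sub in f[1:])

def valid_rule(premises, conclusion):
    """True if every row of the truth table that makes all premises true
    also makes the conclusion true."""
    names = sorted(set().union(letters(conclusion), *map(letters, premises)))
    for values in product([False, True], repeat=len(names)):
        env = dict(zip(names, values))
        if all(evaluate(p, env) for p in premises) and not evaluate(conclusion, env):
            return False
    return True

def tautology(f):
    return valid_rule([], f)

def neg(f):
    return ("not", f)

# Equivalences the text cites to justify its derived rules.
CITED = {
    "contrapositive": ("iff", ("imp", "A", "B"), ("imp", neg("B"), neg("A"))),
    "double negation": ("iff", neg(neg("A")), "A"),
    "disjunction, first form": ("iff", ("or", "P", "Q"), ("imp", neg("P"), "Q")),
    "disjunction, second form": ("iff", ("or", "P", "Q"), ("imp", neg("Q"), "P")),
    "proof by cases": ("iff", ("and", ("imp", "A", "C"), ("imp", "B", "C")),
                       ("imp", ("or", "A", "B"), "C")),
    "biconditional": ("iff", ("iff", "A", "B"),
                      ("and", ("imp", "A", "B"), ("imp", "B", "A"))),
}

def replacement_rule_holds(F, p, a, b):
    """From A <-> B and F[A/P], infer F[B/P]: check the rule by truth table."""
    return valid_rule([("iff", a, b), substitute(F, p, a)], substitute(F, p, b))

if __name__ == "__main__":
    for name, formula in CITED.items():
        print(f"{name}: tautology = {tautology(formula)}")
    F = ("imp", ("and", "P", "Q"), ("or", "P", "C"))   # constructed sample F
    print(replacement_rule_holds(F, "P", ("and", "A", "B"), ("and", "B", "A")))
    # With only A -> B in place of A <-> B the replacement is not valid:
    print(valid_rule([("imp", "A", "B"), substitute(neg("P"), "P", "A")],
                     substitute(neg("P"), "P", "B")))
```

The last check shows why the rule needs a biconditional: with only $A \to B$, the row where $A$ is false and $B$ is true makes $\neg A$ true and $\neg B$ false.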

9.9 Universal Quantifier 

This section presents rules for $(\forall x.P(x))$ (“for all $x$, $P(x)$”) and for the
restricted form $(\forall x \in A.P(x))$ (“for all $x$ in the set $A$, $P(x)$”). Notice that
$(\forall x \in A.P(x))$ has just the rules one would expect from its logical equivalence
to $(\forall x.x \in A \to P(x))$.

9.9.1 Proving Universally Quantified Statements

To prove $(\forall x.P(x))$, first introduce a name $a$ for a completely arbitrary
object. This is signalled by a line “Let $a$ be chosen arbitrarily”. This name
should not appear in any earlier lines of the proof that one is allowed to
use. The goal is then to prove $P(a)$. Once the proof of $P(a)$ is complete,
one has proved $(\forall x.P(x))$ and should regard the block beginning with the
introduction of the arbitrary name $a$ as closed off (as if “Let $a$ be arbitrary”
were an assumption). The reason for this is stylistic: one should free up the
use of the name $a$ for other similar purposes later in the proof.

To prove $(\forall x \in A.P(x))$, assume $a \in A$ (where $a$ is a name which does not
appear earlier in the proof in any line one is allowed to use): in the context of
this kind of proof it is appropriate to say “Let $a \in A$ be chosen arbitrarily”
(and supply a line number so the assumption $a \in A$ can be used). One’s goal
is then to prove $P(a)$. Once the goal is achieved, one is entitled to assume
$(\forall x \in A.P(x))$ and should not make further use of the lines that depend on
the assumption $a \in A$. It is much more obvious in the restricted case that
one gets a block of the proof that one should close off (because the block uses
a special assumption $a \in A$), and the restricted case is much more common
in actual proofs.

These rules are called “universal generalization”. The line reference would
be to the block of statements from “Let $a\,[\in A]$ be chosen arbitrarily” to $P(a)$.

9.9.2 Using Universally Quantified Statements 

If one is entitled to assume $(\forall x.P(x))$ and $c$ is any name for an object, one
is entitled to assume $P(c)$.

If one is entitled to assume $(\forall x \in A.P(x))$ and $c \in A$, one is entitled to
assume $P(c)$.

These rules are called “universal instantiation”. The reference is to the
one or two previous lines used.

As rules of inference:

$$\frac{(\forall x.P(x))}{P(c)}$$

$$\frac{\begin{array}{c} (\forall x \in A.P(x)) \\ c \in A \end{array}}{P(c)}$$


9.10 Existential Quantifier 

This section presents rules for $(\exists x.P(x))$ (“for some $x$, $P(x)$”, or equivalently
“there exists an $x$ such that $P(x)$”) and for the restricted form $(\exists x \in A.P(x))$
(“for some $x$ in the set $A$, $P(x)$” or “there exists $x$ in $A$ such that $P(x)$”).
Notice that $(\exists x \in A.P(x))$ has just the rules one would expect from its logical
equivalence to $(\exists x.x \in A \wedge P(x))$.

9.10.1 Proving Existentially Quantified Statements

To prove $(\exists x.P(x))$, find a name $c$ such that $P(c)$ can be proved. It is your
responsibility to figure out which $c$ will work.

To prove $(\exists x \in A.P(x))$ find a name $c$ such that $c \in A$ and $P(c)$ can be
proved. It is your responsibility to figure out what $c$ will work.

A way of phrasing either kind of proof is to express the goal as “Find $c$
such that [$c \in A$ and] $P(c)$”, where $c$ is a new name which does not appear
in the context: once a specific term $t$ is identified as the correct value of $c$,
one can then say “let $c = t$” to signal that one has found the right object.
Of course this usage only makes sense if $c$ has no prior meaning.

This rule is called “existential introduction”. The reference is to the one
or two lines used.

As rules of inference:

$$\frac{P(c)}{(\exists x.P(x))}$$

$$\frac{\begin{array}{c} c \in A \\ P(c) \end{array}}{(\exists x \in A.P(x))}$$

9.10.2 Using Existentially Quantified Statements 

Suppose that one is entitled to assume $(\exists x.P(x))$ and one is trying to prove
a goal $C$. One is allowed to further assume $P(w)$ where $w$ is a name which
does not appear in any earlier line of the proof that one is allowed to use,
and prove the goal $C$. Once the goal $C$ is proved, one should no longer allow
use of the block of variables in which the name $w$ is declared (the reason for
this is stylistic: one should be free to use the same variable $w$ as a “witness”
in a later part of the proof; this makes it safe to do so). If the statement
one starts with is $(\exists x \in A.P(x))$ one may follow $P(w)$ with the additional
assumption $w \in A$.

This rule is called “witness introduction”. The reference is to the line
$(\exists x\,[\in A].P(x))$ and the block of statements from $P(w)$ to $C$.

9.11 Proof Format 

Given all these rules, what is a proof?

A proof is an argument which can be presented as a sequence of numbered
statements. Each numbered statement is either justified by a list of earlier
numbered statements and a rule of inference [for example, an appearance
of $B$ as line 17 might be justified by an appearance of $A$ as line 3 and an
appearance of $A \to B$ as line 12, using the rule of modus ponens] or is an
assumption with an associated goal (the goal is not a numbered statement but 
a comment). Each assumption is followed in the sequence by an appearance of 
the associated goal as a numbered statement, which we will call the resolution 
of the assumption. The section of the proof consisting of an assumption, its 
resolution, and all the lines between them is closed off in the sense that no 
individual line in that section can be used to justify anything appearing in the 
proof after the resolution, nor can any assumption in that section be resolved 
by a line appearing in the proof after the resolution. In my preferred style of 
presenting these proofs, I will indent the section between an assumption and 
its resolution (and further indent smaller subsections within that section with 
their own assumptions and resolutions). The whole sequence of lines from 
the assumption to its resolution can be used to justify a later line (along with 
an appropriate rule of course): for example, the section of a proof between 
line 34: assume $A$: goal $B$ and line 71: $B$ could be used to justify line 113
$A \to B$ (lines 34-71, deduction); I do not usually do this (I usually write the
statement to be proved by a subsection as a goal at the head of that section, 
and I do not usually use statements proved in such subsections later in the 
proof), but it is permitted. 

I usually omit the resolution of a goal if it is immediately preceded by 
an assumption-resolution section (or sections in the case of a biconditional) 
which can be used as its line justification: this seems like a pointless repetition 
of the goal, which will already appear just above such a section. I would state 
the resolution line if it was going to be referred to in a later line justification. 
The idea is that the statement of a goal followed by a block of text that 
proves it is accepted as a proof of that statement; the only reason to repeat 
the statement with a line number is if it is going to be referenced using that 
line number. 

Note the important italicized phrase “can be”. A proof is generally
presented in a mathematics book as a section of English text including math
notation where needed. Some assumptions may be assumed to be understood
by the reader. Some steps in reasoning may be omitted as “obvious”. The
logical structure will not be indicated explicitly by devices like line
numbering and indentation; the author will rely more on the reader understanding
what he or she is writing. This means that it is actually quite hard to specify
exactly what will be accepted as a proof; the best teacher here is experience.
A fully formalized proof can be specified (even to the level where a computer 
can recognize one and sometimes generate one on its own), but such proofs 
are generally rather long-winded. 
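
As an added illustration (not code from the notes), the following Python checker accepts proofs in the line-numbered format described above for four of the rules (conjunction introduction, simplification, modus ponens, deduction) and enforces that a closed-off block can be cited only as a whole. The tuple encoding, the rule abbreviations, and the extra line 8 in the constructed sample, which restates Part 1 of the first example in the Examples section, are assumptions of the example.

```python
# Encoding assumed for this example: a letter is a string, a compound formula
# is ("and", A, B) or ("imp", A, B).  A step is (number, formula, rule, refs).
# For rule "assume", refs is the goal attached to the assumption.  A reference
# is a line number, or a pair (start, end) naming a whole closed-off block.

class ProofError(Exception):
    pass

def check_rule(formula, rule, cited):
    """cited holds formulas of cited lines, or (assumption, resolution) for a block."""
    if rule == "conj":         # conjunction introduction
        return len(cited) == 2 and formula == ("and", cited[0], cited[1])
    if rule == "simp":         # simplification
        c = cited[0] if len(cited) == 1 else None
        return isinstance(c, tuple) and c[0] == "and" and formula in c[1:]
    if rule == "mp":           # modus ponens, premises cited in either order
        return len(cited) == 2 and any(
            imp == ("imp", ant, formula) for ant, imp in (cited, cited[::-1]))
    if rule == "deduction":    # block from "assume A" to resolution B gives A -> B
        return len(cited) == 1 and formula == ("imp",) + cited[0]
    return False

def check_proof(steps):
    """Return the statements proved outside every assumption block;
    raise ProofError at the first line that is not justified."""
    lines, blocks, open_assumptions = {}, {}, []
    for n, formula, rule, refs in steps:
        if rule == "assume":
            open_assumptions.append((n, formula, refs))
            lines[n] = formula
            continue
        if not all(isinstance(r, tuple) == (rule == "deduction") for r in refs):
            raise ProofError(f"line {n}: {rule} cites the wrong kind of reference")
        cited = []
        for r in refs:
            table = blocks if isinstance(r, tuple) else lines
            if r not in table:
                raise ProofError(f"line {n}: {r} is closed off or not yet proved")
            cited.append(table[r])
        if not check_rule(formula, rule, cited):
            raise ProofError(f"line {n}: {rule} does not yield this statement")
        lines[n] = formula
        if open_assumptions and formula == open_assumptions[-1][2]:
            start, assumed, _ = open_assumptions.pop()   # resolution reached
            for k in [k for k in lines if k >= start]:
                del lines[k]                             # close the block off
            for b in [b for b in blocks if b[0] >= start]:
                del blocks[b]
            blocks[(start, n)] = (assumed, formula)      # usable only as a whole
    if open_assumptions:
        raise ProofError(f"assumption at line {open_assumptions[-1][0]} is never resolved")
    return list(lines.values())

def accepts(steps):
    try:
        check_proof(steps)
        return True
    except ProofError:
        return False

# Constructed sample: Part 1 of the first example in the Examples section,
# plus a line 8 (added here) that cites the whole block 1-7.
P, Q, R = "P", "Q", "R"
PQ_R = ("imp", ("and", P, Q), R)
Q_R = ("imp", Q, R)
P_Q_R = ("imp", P, Q_R)
PART1 = [
    (1, PQ_R, "assume", P_Q_R),
    (2, P, "assume", Q_R),
    (3, Q, "assume", R),
    (4, ("and", P, Q), "conj", [2, 3]),
    (5, R, "mp", [1, 4]),
    (6, Q_R, "deduction", [(3, 5)]),
    (7, P_Q_R, "deduction", [(2, 6)]),
    (8, ("imp", PQ_R, P_Q_R), "deduction", [(1, 7)]),
]

if __name__ == "__main__":
    print(check_proof(PART1))
    print(accepts(PART1 + [(9, P, "simp", [4])]))   # line 4 is closed off
```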

9.12 Examples 

These examples may include some general comments on how to write these 
proofs which you would not include if you were writing this proof yourself. 
I also included resolution lines (restatements of goals after they are proved)
which I do not usually include.

Theorem: $((P \wedge Q) \to R) \leftrightarrow (P \to (Q \to R))$

Proof: The statement is a biconditional. The proof is in two parts.

Part 1: Assume (1) $(P \wedge Q) \to R$

  Goal: $P \to (Q \to R)$

  Now we use the strategy for proving an implication.

  Assume (2) $P$
  Goal: $Q \to R$

    Assume (3) $Q$
    Goal: $R$

      Goal: $P \wedge Q$ (so that we can apply m.p. with line 1)

      4 $P \wedge Q$ (from lines 2 and 3)

      5 $R$ rule of modus ponens with lines 1 and 4. This is the
        resolution of the goal at line 3.

    6 $Q \to R$ lines 3-5. This is the resolution of the goal at line
      2, and I usually omit it.

  7 $P \to (Q \to R)$ lines 2-6. This is the resolution of the goal at line
    1, and I usually omit it.

Part 2: Assume (8): $P \to (Q \to R)$

  Goal: $(P \wedge Q) \to R$

  Assume (9): $P \wedge Q$
  Goal: $R$

    Goal: $P$ (looking at line 1 and thinking of modus ponens)

    10 $P$ from line 9

    11 $Q \to R$ mp lines 10 and 8.

    Goal: $Q$ (looking at line 4 and thinking of modus ponens)

    12 $Q$ from line 9

    13 $R$ lines 11 and 12, rule of modus ponens. This is the
       resolution of the goal at line 9.

  14 $(P \wedge Q) \to R$ This is the resolution of the goal at line 8, which
     I would usually omit.

15 $((P \wedge Q) \to R) \leftrightarrow (P \to (Q \to R))$ lines 1-14. I would usually omit this
   as it just recapitulates the statement of the theorem already given. If
   I did omit it, I would also restart the numbering at 1 at the beginning
   of Part 2.

Theorem: $\neg(P \wedge Q) \leftrightarrow (\neg P \vee \neg Q)$

Proof: Part 1: Assume (1): $\neg(P \wedge Q)$

  Goal: $\neg P \vee \neg Q$

  We use the disjunction introduction strategy: assume the
  negation of one alternative and show that the other
  alternative follows.

  Assume (2): $\neg\neg P$
  Goal: $\neg Q$

    Assume (3): $Q$
    Goal: $\bot$ (a contradiction)

      Goal: $P \wedge Q$ (in order to get a contradiction with line 1)

      4 $P$ double negation, line 3

      5 $P \wedge Q$ (lines 3 and 4)

      6 $\bot$ 1,5 contradiction. This resolves the goal at line 3.

    7 $\neg Q$ lines 3-6 negation introduction. This resolves the goal
      at line 2 (and would usually be omitted).

  8 $\neg P \vee \neg Q$ 2-7 disjunction introduction. This resolves the goal
    at line 1 (and would usually be omitted).

Part 2: Assume (9): $\neg P \vee \neg Q$
  Goal: $\neg(P \wedge Q)$

  Assume (10): $P \wedge Q$
  Goal: $\bot$ (a contradiction)

    We use the strategy of proof by cases on line 9.

    Case 1 (9a): $\neg P$
    Goal: $\bot$

      11: $P$ from line 10

      12: $\bot$ 9a, 11 contradiction (this resolves the goal after
          9a)

    Case 2 (9b): $\neg Q$
    Goal: $\bot$

      13 $Q$ from line 10

      14 $\bot$ 9b, 13 contradiction (this resolves the goal after 9b)

    15 $\bot$ 9, 9a-14 proof by cases (I would usually omit this)

  16 $\neg(P \wedge Q)$ 9-15 negation introduction. This resolves the goal
     at line 9; usually omitted.

17 $\neg(P \wedge Q) \leftrightarrow (\neg P \vee \neg Q)$ 1-16, biconditional introduction. Usually omitted
   as it just repeats the statement of the theorem.

Rule of Inference (Constructive Dilemma): We verify that

$$\frac{\begin{array}{c} P \vee Q \\ P \to R \\ Q \to S \end{array}}{R \vee S}$$

is a valid rule of inference.

If we are verifying a rule of inference we assume the hypotheses to be
true then adopt the conclusion as our goal.

1 $P \vee Q$ premise

2 $P \to R$ premise

3 $Q \to S$ premise

Goal: $R \vee S$

We use proof by cases on line 1.

  Case 1 (1a): $P$
  Goal: $R \vee S$

    4 $R$ 1a, 2, modus ponens

    5 $R \vee S$ addition, line 4. This resolves the goal at line 1a.

  Case 2 (1b): $Q$
  Goal: $R \vee S$

    6 $S$ 3, 1b, modus ponens

    7 $R \vee S$ addition, line 6. This resolves the goal at line 1b.

8 $R \vee S$ proof by cases, 1, 1a-7. And this is what we set out to prove.